r that (i.e., no registry
changes needed now).
Thanks,
--David (RFC 4595 co-author)
> -Original Message-
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org]
> On Behalf Of Tero Kivinen
> Sent: Wednesday, October 28, 2009 7:43 AM
> To: Frankel, Sheila E.
>
Frankel, Sheila E. writes:
> Additional text:
>Some of these algorithms generate a fixed-length ICV, which is truncated
>when it is included in an IPsec-protected packet. For example, standard
>HMAC-SHA-1 generates a 160-bit ICV, which is truncated to 96 bits when it
>is used to
; ipsec-boun...@ietf.org; Tero Kivinen; Paul Hoffman;
suresh.krish...@ericsson.com
Subject: Re: [IPsec] [ipsecme] #112: Truncation of SHA-1 ICVs
Hi Sheila,
1) I don't think we can expand the registry to include non-truncated versions
of HMAC-SHA2-*. RFC 4868 stipulates for IKE and IPs
10/27/2009 11:46 AM
Subject:
Re: [IPsec] [ipsecme] #112: Truncation of SHA-1 ICVs
#112: Truncation of SHA-1 ICVs
Proposed change to Roadmap doc:
Add text to Section 5.3 (Integrity-Protection Algorithms)
Current text:
The integrity-protection algorithm RFCs describe how to use these
algorit
#112: Truncation of SHA-1 ICVs
Proposed change to Roadmap doc:
Add text to Section 5.3 (Integrity-Protection Algorithms)
Current text:
The integrity-protection algorithm RFCs describe how to use these
algorithms to authenticate IKE and/or IPsec traffic, providing
integrity protection t