Hi

let us for a moment assume that RFC 4307 makes some reasonable algorithm choices (we are talking about IKEv2 here). If we take the text and apply it to EAP-GPSK then we would produce something like:

Conservative Choice:
-----------------------

(Integrity)
      AUTH_HMAC_SHA1_96        2         [RFC2404]       MUST

(Encryption)
      ENCR_3DES                3         [RFC2451]       MUST-

(Key Derivation)
      PRF_HMAC_SHA1            2         [RFC2104]       MUST

(Note that there is no MUST for encryption algorithms specified in RFC 4307.)


Choice for the Future:
-----------------------

(Encryption)
      ENCR_AES_CBC             12        [AES-CBC]       SHOULD+

(Integrity)
      AUTH_AES_XCBC_96         5         [AES-MAC]       SHOULD+

(Key Derivation)
      PRF_AES128_CBC           4         [AESPRF]        SHOULD+

Does this sound like a terribly bad idea?

Ciao
Hannes

M. Vanderveen wrote:
Both are pretty popular. Why not list them both? As for which one to be mandatory to implement, someone should do a search through other systems (e.g. IEEE, IPSec) and see which one is most popular.

Hannes Tschofenig <[EMAIL PROTECTED]> wrote:

    Hi all,

    the current version of the document
    http://tools.ietf.org/wg/emu/draft-clancy-emu-eap-shared-secret-01.txt
    still supports AES-EAX:

    +-----------+----+-------------+---------------+--------------------+
    | CSuite/   | KS | Encryption  | Integrity     | Key Derivation     |
    | Specifier |    |             |               | Function           |
    +-----------+----+-------------+---------------+--------------------+
    | 0x000001  | 16 | AES-EAX-128 | AES-CMAC-128  | GKDF-128           |
    +-----------+----+-------------+---------------+--------------------+

    At the IETF#66 EMU meeting AES CCM was suggested.

    Later, I got the impression that AES-CBC was more appreciated. Should
    we update the draft with AES-CBC?

    Ciao
    Hannes


    _______________________________________________
    Emu mailing list
    [email protected]
    https://www1.ietf.org/mailman/listinfo/emu

