I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
Please resolve these comments along with any other comments you
may receive.
Document: An Interface and Algorithms for Authenticated Encryption
draft-mcgrew-auth-enc-03.txt
Reviewer: Eric Gray
Review Date: 9/21/2007
Summary:
=======
This draft is nearly ready for publishing as a Proposed Standard.
Comments/Questions:
==================
At several places, the acronym "AAD" is used when it appears as if
"AEAD" was intended. This occurs in the following places:
o First sentence, next-to-last paragraph, on page 6
o Throughout section 3.3 (both paragraphs, bottom Pp 10, top Pp 11)
o First sentence, last paragraph, on page 14
One reason why this appears to be the case, is that section 3.3
is entitled "Construction of AEAD Inputs" - but the very first
sentence starts "If the AAD input ..."
If AAD is a distinct term, what does it mean? If it is not a
distinct term, well...
_______________________________________________________________________
In section 4, second paragraph, is it possible to assign a P_MAX
value of zero in a particular algorithm, and - if so - what does
it mean to say:
"Each AEAD algorithm MUST accept any plaintext with a length between
zero and P_MAX octets, inclusive, where the value P_MAX is specific
to that algorithm"
?
Similar questions also apply to A_MAX and N_MAX in the third and
fourth paragraphs (respectively) of the same section.
_______________________________________________________________________
In the last sentence of section 5.3.1, "he" should probably be
"an attacker" (it is not clear who "he" is) and "ensues" should
probably be "may ensue" (a vulnerability does not guarantee an
attack).
_______________________________________________
Gen-art mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/gen-art
