Hmm - the IKEv1 (actually ISAKMP) and IKEv2 encryption algorithm registries appear to have diverged, starting with the value 21 (e.g., Camellia in CBC mode has different values in the two registries). The current answer for GMAC usage in IKEv1 appears to be "Not Supported". In order to change this, IANA would need to be directed to allocate a new value in the appropriate ISAKMP registry.
Thanks, --David ---------------------------------------------------- David L. Black, Distinguished Engineer EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 [email protected] Mobile: +1 (978) 394-7754 ---------------------------------------------------- ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Soo-Fei Chew Sent: Thursday, April 09, 2009 4:15 PM To: [email protected] Subject: [IPsec] transform id for ESP GMAC for IKEv1 Phase2 Hi Per RFC4543, section 9, for ike v2 the ESP Phase 2 transform ID is 21 but it doesn't specify for IKEv1. If I use 21 for ikev1, it conflicts with RFC4196 section 5.2. Please advise what to put as transform ID for ESP IKEv1. Thanks, SooFei Soo-Fei Chew Senior Engineer Mocana Corporation Securing the Internet of Things Request a free trial of Mocana's software at <http://> http://www.mocana.com/evaluate.html [email protected] 350 Samsome Street Suite 1010, San Francisco, CA 94105 p +1 415 617 0055 ext. 3011 f +1 415 617 0056 Confidentiality Notice: The information contained in this electronic transmission is confidential, and may be protected from disclosure under applicable law. This transmission is intended only for the use of the individual to whom it is addressed. If you are not the addressee, or the employee or agent responsible for delivering this transmission to the intended recipient, please notify us immediately by telephone at the telephone number above, and destroy this transmission in its entirety. Any use, dissemination, review, distribution, disclosure, copying or taking of any action whatsoever in reliance upon or in connection with the contents of this transmission is strictly prohibited.
<<image001.jpg>>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
