Hi If AES-GMAC is 'Not Supported" in IKEv1, then in RFC4869
3.3. Suite "Suite-B-GMAC-128" ...................................4
3.4. Suite "Suite-B-GMAC-256" ...................................5
The mentioning of IKEv1 is not applicable at all!
Thanks,
SooFei
________________________________
From: [email protected] [mailto:[email protected]]
Sent: Friday, April 10, 2009 11:40 AM
To: Soo-Fei Chew; [email protected]
Subject: RE: [IPsec] transform id for ESP GMAC for IKEv1 Phase2
Hmm - the IKEv1 (actually ISAKMP) and IKEv2 encryption
algorithm registries appear to have diverged, starting
with the value 21 (e.g., Camellia in CBC mode has
different values in the two registries).
The current answer for GMAC usage in IKEv1 appears to
be "Not Supported". In order to change this, IANA
would need to be directed to allocate a new value in
the appropriate ISAKMP registry.
Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
[email protected] Mobile: +1 (978) 394-7754
----------------------------------------------------
________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of
Soo-Fei Chew
Sent: Thursday, April 09, 2009 4:15 PM
To: [email protected]
Subject: [IPsec] transform id for ESP GMAC for IKEv1 Phase2
Hi
Per RFC4543, section 9, for ike v2 the ESP Phase 2 transform ID is 21 but it
doesn't specify for IKEv1. If I use 21 for ikev1, it conflicts with RFC4196
section 5.2.
Please advise what to put as transform ID for ESP IKEv1.
Thanks,
SooFei
Soo-Fei Chew
Senior Engineer
Mocana Corporation
[cid:[email protected]]
Securing the Internet of Things
Request a free trial of Mocana's software at <http://>
http://www.mocana.com/evaluate.html
[email protected]<mailto:[email protected]>
350 Samsome Street Suite 1010,
San Francisco, CA 94105
p +1 415 617 0055 ext. 3011
f +1 415 617 0056
Confidentiality Notice: The information contained in this electronic
transmission is confidential, and may be protected from disclosure under
applicable law. This transmission is intended only for the use of the
individual to whom it is addressed. If you are not the addressee, or the
employee or agent responsible for delivering this transmission to the intended
recipient, please notify us immediately by telephone at the telephone number
above, and destroy this transmission in its entirety. Any use, dissemination,
review, distribution, disclosure, copying or taking of any action whatsoever in
reliance upon or in connection with the contents of this transmission is
strictly prohibited.
<<inline: image001.jpg>>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
