That looks like an oversight at least wrt RFC 4869. Chairs (of ipsecme) and Pasi (AD) - is a new RFC needed to allocate this value, or is there a lower overhead and faster means of getting this done?
Thanks,
--David
________________________________
From: [email protected] [mailto:[email protected]] On
Behalf Of Soo-Fei Chew
Sent: Friday, April 10, 2009 3:11 PM
To: [email protected]
Subject: Re: [IPsec] transform id for ESP GMAC for IKEv1 Phase2
Hi
If AES-GMAC is 'Not Supported" in IKEv1, then in RFC4869
3.3. Suite "Suite-B-GMAC-128"
...................................4
3.4. Suite "Suite-B-GMAC-256"
...................................5
The mentioning of IKEv1 is not applicable at all!
Thanks,
SooFei
________________________________
From: [email protected] [mailto:[email protected]]
Sent: Friday, April 10, 2009 11:40 AM
To: Soo-Fei Chew; [email protected]
Subject: RE: [IPsec] transform id for ESP GMAC for IKEv1 Phase2
Hmm - the IKEv1 (actually ISAKMP) and IKEv2 encryption
algorithm registries appear to have diverged, starting
with the value 21 (e.g., Camellia in CBC mode has
different values in the two registries).
The current answer for GMAC usage in IKEv1 appears to
be "Not Supported". In order to change this, IANA
would need to be directed to allocate a new value in
the appropriate ISAKMP registry.
Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
[email protected] Mobile: +1 (978) 394-7754
----------------------------------------------------
________________________________
From: [email protected]
[mailto:[email protected]] On Behalf Of Soo-Fei Chew
Sent: Thursday, April 09, 2009 4:15 PM
To: [email protected]
Subject: [IPsec] transform id for ESP GMAC for IKEv1
Phase2
Hi
Per RFC4543, section 9, for ike v2 the ESP Phase 2
transform ID is 21 but it doesn't specify for IKEv1. If I use 21 for
ikev1, it conflicts with RFC4196 section 5.2.
Please advise what to put as transform ID for ESP IKEv1.
Thanks,
SooFei
Soo-Fei Chew
Senior Engineer
Mocana Corporation
Securing the Internet of Things
Request a free trial of Mocana's software at <http://>
http://www.mocana.com/evaluate.html
[email protected]
350 Samsome Street Suite 1010,
San Francisco, CA 94105
p +1 415 617 0055 ext. 3011
f +1 415 617 0056
Confidentiality Notice: The information contained in
this electronic transmission is confidential, and may be protected from
disclosure under applicable law. This transmission is intended only for
the use of the individual to whom it is addressed. If you are not the
addressee, or the employee or agent responsible for delivering this
transmission to the intended recipient, please notify us immediately by
telephone at the telephone number above, and destroy this transmission
in its entirety. Any use, dissemination, review, distribution,
disclosure, copying or taking of any action whatsoever in reliance upon
or in connection with the contents of this transmission is strictly
prohibited.
<<image001.jpg>>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
