If there are no further comments, this issue will be closed.

Issue #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?

==> As a result of Tero's comments, added #2 below and revised #3. #1 and #4
remain unchanged from the previous email sent to the list.

Proposed changes to Roadmap doc:

1) Add text to section 5.4 (Combined Mode Algorithms)

Additional text (unchanged from previous email):

Some IKEv1 implementations have added the capability to negotiate
combined mode algorithms for use in IPsec SAs; these implementations
do not include the capability to use combined mode algorithms to protect
IKE SAs. Since combined mode algorithms are not a feature of IPsec-v2,
these IKEv1 implementations are used in conjunction with IPsec-v3. IANA
numbers for combined mode algorithms have been added to the IKEv1 registry.

2) Add text to section 5.3.4 (RFC 4543, The use of GMAC in IPsec ESP and AH):
(added since previous email)

AES-GMAC cannot be used by IKEv2 to protect its own SAs, since IKEv2
traffic requires encryption.

3) Change IKEv2 requirements level

Requirements levels for AES-GMAC:
old IKEv2 - optional
new IKEv2 - N/A

4) Move RFC 4543 to section on combined mode algorithms, since it has 2
versions: classic integ prot and also combined mode