This document defines clefia ciphers for IKEv1 and IKEv2. I see no point of adding anything to the already obsoleted IKEv1 protocol, so I think it is better to remove all references to IKEv1 from this document (i.e section 3) and IKEv1 parts from section 1 and section 6.
We need to be consistent here and reject all additions to IKEv1. Also some of the IKEv1 registries (IPSEC ESP Transform Identifiers) are "Standards Track RFC" required registries, meaning this document would have to be standard track document. The document is currently listed as being informational. In the section 2.4 this document adds CLEFIA-CMAC-PRF-128, in similar way than AES-CMAC-PRF-128 was added. I thought we had already discussion in the ipsec-list about whether any CMAC-PRF for IKEv2 KDF use is safe, but I cannot find it now. I think some cryptographers were saying that CMAC is not good enough for using as KDF (which is where IKEv2 PRF is used for) as its output is not random enough or something. We should really look in to this issue, and see whether we need to deprecate the other CMAC PRFs too. -- [email protected] _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
