Hi,
I have mostly no problem with the document.
However I have one small concern.
The draft lists the following trasforms based on AES cipher:
AES-GCM
AES-CCM
AES-CTR
AES-128-CBC
AES-GMAC
AES-XCBC-MAC-96
All these transforms, except for AES-XCBC-MAC-96,
allows to be used with different key lengths - 128, 192 and 256 bits.
It looks strange to me that, unlike the others, AES-128-CBC
has key length explicitely specified in the draft. Why it differs in
this respect from the others? What about AES-192-CBC and
AES-256-CBC - are they also "MUST" or "MAY"? Or even "MUST NOT"? :-)
I think the draft should either:
- remove explicit key length from AES-128-CBC and make it just AES-CBC
- add explicit key length to all other AES-based transforms (except for
AES-XCBC-MAC-96)
- leave things as is, but explain why AES-CBC differs in this respect from
the others
Regards,
Valery Smyslov.
----- Original Message -----
From: "Yaron Sheffer" <[email protected]>
To: "ipsec" <[email protected]>
Sent: Tuesday, February 25, 2014 10:48 PM
Subject: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
Hi, this is to start a 2-week working group last call on the revised
Algorithm Implementation Requirements document, ending March 11. The draft
is at: http://tools.ietf.org/html/draft-ietf-ipsecme-esp-ah-reqts-01. We
should have last called the draft a while ago, and I apologize for the
delay.
The changes from the existing requirements are listed in Sec. 2.5 of the
draft, but most of this (rather short) document is new and describes the
rationale for the choice of algorithms and requirement levels.
Please read this draft and send any comments to the WG mailing list, even
if the comments are "I see no problems". Comments such as "I do not
understand this part" or "this part could be explained better in this way"
are particularly useful at this point.
Thanks,
Yaron
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
