The draft looks very good.  Aside from my previous comment on 256-bit
AES keys, I want to +1 three things I've seen in this discussion:

        - DES should be "MUST NOT"
        - "SHOULD NOT-" is a better keyword than "SHOULD NOT+"
        - NULL authentication for use with AES GCM should be at
                least "SHOULD+" because AES GCM is "SHOULD+".

If the intent is to cover the latter (NULL authentication) in
Section 3, then I suggest adding text to Section 2.3 to point this out.

I have no strong opinion on ICV size for GCM and GMAC, but I am interested
in the outcome as an author of the Block Storage IPsec profile update
(draft-ietf-storm-ipsec-ips-update-04).  That draft does not currently
express requirements on ICV length.  That draft's in Authors 48 hours at
the moment as part of the entire iSCSI draft cluster, and it could be held
to apply the ICV length outcome determined here if that were deemed important.
        
Thanks,
--David

> -----Original Message-----
> From: IPsec [mailto:[email protected]] On Behalf Of Yaron Sheffer
> Sent: Tuesday, February 25, 2014 1:49 PM
> To: ipsec
> Subject: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
> 
> Hi, this is to start a 2-week working group last call on the revised
> Algorithm Implementation Requirements document, ending March 11. The
> draft is at:
> http://tools.ietf.org/html/draft-ietf-ipsecme-esp-ah-reqts-01. We should
> have last called the draft a while ago, and I apologize for the delay.
> 
> The changes from the existing requirements are listed in Sec. 2.5 of the
> draft, but most of this (rather short) document is new and describes the
> rationale for the choice of algorithms and requirement levels.
> 
> Please read this draft and send any comments to the WG mailing list,
> even if the comments are "I see no problems". Comments such as "I do not
> understand this part" or "this part could be explained better in this
> way" are particularly useful at this point.
> 
> Thanks,
>      Yaron
> 
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
