On Mon, 31 Mar 2014, [email protected] wrote:
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-esp-ah-reqts-03.txt
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-esp-ah-reqts-03
So one of the changes is:
- SHOULD+ AES-GCM [RFC4106]
+ SHOULD+ AES-GCM with a 16 octet ICV [RFC4106]
While I'm happy with that change (I argued for it to not using the
truncated ICV versions), the document now makes no statement about those
other ICV variants. RFC 4106 states:
The ICV consists solely of the AES-GCM Authentication Tag.
Implementations MUST support a full-length 16-octet ICV, and MAY
support 8 or 12 octet ICVs, and MUST NOT support other ICV lengths.
Me personally, and one of the authors of 4106 (John Viega) would like to
see those other ICV's moved to SHOULD NOT. Since these are MAY in 4106,
and not mentioned in this draft, they would remain MAY.
I also wonder about:
"It is NOT RECOMMENDED to use ESP with NULL authentication
in conjunction with AH"
Why do we now say "NOT RECOMMENDED" instead of continuing to talk in
RFC4835 terms? eg:
ESP with NULL authentication MUST NOT be used in conjunction
with AH.
If we go through the effort of stating such deployments are insecure,
which we do in the next line, we might as well clearly tell implementors
not to do this. "not recommended" does not say "don't do this".
language nits:
As a non-native english speaker, "efficacy" was not clear to me, and
almost read as "efficiency". So I would change "undermines the efficacy
of encryption". Maybe something like just "undermines the trustworthiness
the encryption" (although that sounds a bit Colbert like :)
s/perfers/prefers
Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
