Here is new version of the RFC4307bis. This includes changes from Valery (http://www.ietf.org/mail-archive/web/ipsec/current/msg10410.html) except I did not change the AEAD/non-AEAD text in the section 3.2. The current document still says that PRF and AUTH algorithms SHOULD be same if non-AEAD encryption algorithm is used. Also I did not add anything extra for the AUTH_AES_XCBC_96 for section 3.3.
Otherwise it should contain all changes. This also now includes new section 5 explaining the situatin with IoT, i.e. why there is not exactly one option for them, but the algorithms used there is specified by the environment, and for the 802.15.4 / 802.15.9 the algorithm is ENCR_AES_CCM_8. For others it might be different. Check it out and with this I think it might be ready for the WGLC. ---------------------------------------------------------------------- internet-dra...@ietf.org writes: A new version of I-D, draft-ietf-ipsecme-rfc4307bis-05.txt has been successfully submitted by Tero Kivinen and posted to the IETF repository. Name: draft-ietf-ipsecme-rfc4307bis Revision: 05 Title: Algorithm Implementation Requirements and Usage Guidance for IKEv2 Document date: 2016-04-05 Group: ipsecme Pages: 16 URL: https://www.ietf.org/internet-drafts/draft-ietf-ipsecme-rfc4307bis-05.txt Status: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-rfc4307bis/ Htmlized: https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis-05 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-ipsecme-rfc4307bis-05 Abstract: The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. The Internet Key Exchange (IKE) protocol is used to negotiate the IPsec Security Association (IPsec SA) parameters, such as which algorithms should be used. To ensure interoperability between different implementations, it is necessary to specify a set of algorithm implementation requirements and usage guidance to ensure that there is at least one algorithm that all implementations support. This document defines the current algorithm implementation requirements and usage guidance for IKEv2. This document does not update the algorithms used for packet encryption using IPsec Encapsulated Security Payload (ESP). Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat -- kivi...@iki.fi _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec