Daniel Migault writes:
> Regarding the negotiation of the use of the implicit IV three ways have been
> proposed. Currently it seems that the consensus is more inclined to define
> Transform IDs. However, it has been raised that Transform Attributes might be
> a better protocol design choice.
My personal preference is for Transform IDs.
> I would like to understand if there are any guidance whether using attributes
> is preferred to ID or vice versa and if there is any preference in using
> IMPLICIT IV Transform ID versus an IMPLICIT IV Transform Attribute.
With both Transform IDs and Transform Attributes you need to duplicate
things for each supported cipher. The payload would be either:
SA Payload
   |
   +-- Proposal #1 ( Proto ID = ESP(3), SPI size = 4,
   |    |            7 transforms,      SPI = 0x052357bb )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 128 )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 192 )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 256 )
   |    |
   |    +-- Transform INTEG ( Name = AUTH_HMAC_SHA1_96 )
   |    +-- Transform INTEG ( Name = AUTH_AES_XCBC_96 )
   |    +-- Transform ESN ( Name = ESNs )
   |    +-- Transform ESN ( Name = No ESNs )
   |
   +-- Proposal #2 ( Proto ID = ESP(3), SPI size = 4,
        |            6 transforms,      SPI = 0x35a1d6f2 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 128 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 256 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV Implicit IV )
        |     +-- Attribute ( Key Length = 128 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV Implicit IV )
        |     +-- Attribute ( Key Length = 256 )
        |
        +-- Transform ESN ( Name = ESNs )
        +-- Transform ESN ( Name = No ESNs )
Or:
SA Payload
   |
   +-- Proposal #1 ( Proto ID = ESP(3), SPI size = 4,
   |    |            7 transforms,      SPI = 0x052357bb )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 128 )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 192 )
   |    |
   |    +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |    |     +-- Attribute ( Key Length = 256 )
   |    |
   |    +-- Transform INTEG ( Name = AUTH_HMAC_SHA1_96 )
   |    +-- Transform INTEG ( Name = AUTH_AES_XCBC_96 )
   |    +-- Transform ESN ( Name = ESNs )
   |    +-- Transform ESN ( Name = No ESNs )
   |
   +-- Proposal #2 ( Proto ID = ESP(3), SPI size = 4,
        |            6 transforms,      SPI = 0x35a1d6f2 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 128 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 256 )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 128 )
        |     +-- Attribute ( Implicit = Yes )
        |
        +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
        |     +-- Attribute ( Key Length = 256 )
        |     +-- Attribute ( Implicit = Yes )
        |
        +-- Transform ESN ( Name = ESNs )
        +-- Transform ESN ( Name = No ESNs )
where a missing Implicit attribute would mean the same as Implicit = No.
The Transform ID version provides a more compact encoding, and I think
it is cleaner.
If the transform attribute version is used, that would provide an easy
way to expand this to every cipher we have, e.g. ENCR_CAMELLIA_CCM:
if we just say it is allowed for ENCR_CAMELLIA_CCM too, then it can use
it. For the Transform ID option we need to allocate a separate ID for
ENCR_CAMELLIA_CCM_IIV to allow it to use implicit IV.
Transform IDs are fairly cheap, and I think it is better that we
explicitly mention which ciphers can use this, and doing this by
allocating a separate number for them is a clean way of indicating that.
Otherwise we need a table listing which attributes are allowed with
which cipher...
--
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
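As an added worked example (not part of the message above, and not code from any IETF document): the two SA payloads sketched in the message, serialized as IKEv2 SA payload bytes per the substructure layout of RFC 7296 section 3.3 and parsed back, so that the "more compact encoding" claim can be measured and the "missing Implicit means Implicit = No" rule exercised in a decoder. The registered values used (ENCR_AES_CBC = 12, ENCR_AES_GCM with 8 octet ICV = 18, AUTH_HMAC_SHA1_96 = 2, AUTH_AES_XCBC_96 = 5, ESN 0/1, Key Length attribute type 14 in TV format) come from the IANA IKEv2 registries. The Transform ID for the implicit-IV variant (ENCR_AES_GCM_8_IIV = 1024) and the attribute type for "Implicit" (ATTR_IMPLICIT = 1000) are placeholders assumed for the example; neither was an allocated identifier at the time of the message.

```python
import struct

# Registered IKEv2 values (RFC 7296 section 3.3 and the IANA IKEv2 registries).
PROTO_ESP = 3
TT_ENCR, TT_INTEG, TT_ESN = 1, 3, 5          # Transform Types
ENCR_AES_CBC, ENCR_AES_GCM_8 = 12, 18        # 18 = "AES-GCM with a 8 octet ICV"
AUTH_HMAC_SHA1_96, AUTH_AES_XCBC_96 = 2, 5
ESN_NO, ESN_YES = 0, 1
ATTR_KEY_LENGTH = 14                         # TV-format attribute
# Placeholders for the two designs under discussion: ASSUMED values, not allocated
# identifiers. One hypothetical Transform ID for implicit-IV AES-GCM-8, and one
# hypothetical TV attribute "Implicit" whose value 1 means Yes.
ENCR_AES_GCM_8_IIV = 1024
ATTR_IMPLICIT = 1000
SPI1, SPI2 = bytes.fromhex("052357bb"), bytes.fromhex("35a1d6f2")

def encode_attr(atype, value):
    return struct.pack("!HH", 0x8000 | atype, value)  # TV: AF bit set, 15-bit type, 2-octet value

def encode_transform(ttype, tid, attrs, last):
    body = b"".join(encode_attr(a, v) for a, v in attrs)
    # Last Substruc is 0 for the last transform, 3 if another follows.
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(body), ttype, 0, tid) + body

def encode_proposal(num, spi, transforms, last):
    tb = b"".join(encode_transform(tt, tid, at, i == len(transforms) - 1)
                  for i, (tt, tid, at) in enumerate(transforms))
    # Last Substruc is 0 for the last proposal, 2 if another follows.
    return struct.pack("!BBHBBBB", 0 if last else 2, 0, 8 + len(spi) + len(tb),
                       num, PROTO_ESP, len(spi), len(transforms)) + spi + tb

def encode_sa_payload(proposals, next_payload=0):
    body = b"".join(encode_proposal(i + 1, spi, tr, i == len(proposals) - 1)
                    for i, (spi, tr) in enumerate(proposals))
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body  # generic payload header

# Proposal #1 exactly as drawn in the message (same in both designs).
PROPOSAL_1 = (SPI1, [
    (TT_ENCR, ENCR_AES_CBC, [(ATTR_KEY_LENGTH, 128)]),
    (TT_ENCR, ENCR_AES_CBC, [(ATTR_KEY_LENGTH, 192)]),
    (TT_ENCR, ENCR_AES_CBC, [(ATTR_KEY_LENGTH, 256)]),
    (TT_INTEG, AUTH_HMAC_SHA1_96, []), (TT_INTEG, AUTH_AES_XCBC_96, []),
    (TT_ESN, ESN_YES, []), (TT_ESN, ESN_NO, []),
])

def proposal_2(use_transform_id):
    """Proposal #2 in either design: a distinct Transform ID, or the same ID plus an Implicit attribute."""
    if use_transform_id:
        iiv = [(TT_ENCR, ENCR_AES_GCM_8_IIV, [(ATTR_KEY_LENGTH, k)]) for k in (128, 256)]
    else:
        iiv = [(TT_ENCR, ENCR_AES_GCM_8, [(ATTR_KEY_LENGTH, k), (ATTR_IMPLICIT, 1)]) for k in (128, 256)]
    return (SPI2, [(TT_ENCR, ENCR_AES_GCM_8, [(ATTR_KEY_LENGTH, 128)]),
                   (TT_ENCR, ENCR_AES_GCM_8, [(ATTR_KEY_LENGTH, 256)]),
                   *iiv, (TT_ESN, ESN_YES, []), (TT_ESN, ESN_NO, [])])

def parse_sa_payload(data):
    """-> [(proposal_num, spi, [(ttype, tid, {attr_type: value}), ...]), ...]"""
    _, _, plen = struct.unpack("!BBH", data[:4])
    if plen != len(data):
        raise ValueError("SA payload length mismatch")
    off, proposals = 4, []
    while off < plen:
        _, _, length, num, proto, spi_size, ntrans = struct.unpack("!BBHBBBB", data[off:off + 8])
        spi, toff, end, transforms = data[off + 8:off + 8 + spi_size], off + 8 + spi_size, off + length, []
        while toff < end:
            _, _, tlen, ttype, _, tid = struct.unpack("!BBHBBH", data[toff:toff + 8])
            attrs, aoff = {}, toff + 8
            while aoff < toff + tlen:
                af_type = struct.unpack("!H", data[aoff:aoff + 2])[0]
                if af_type & 0x8000:  # TV: 2-octet value follows
                    attrs[af_type & 0x7FFF] = struct.unpack("!H", data[aoff + 2:aoff + 4])[0]
                    aoff += 4
                else:                 # TLV: 2-octet length, then the value
                    alen = struct.unpack("!H", data[aoff + 2:aoff + 4])[0]
                    attrs[af_type] = data[aoff + 4:aoff + 4 + alen]
                    aoff += 4 + alen
            transforms.append((ttype, tid, attrs))
            toff += tlen
        if len(transforms) != ntrans:
            raise ValueError("transform count mismatch in proposal %d" % num)
        proposals.append((num, spi, transforms))
        off = end
    return proposals

def implicit_iv_transforms(data):
    """(proposal_num, key_length, implicit_iv) per ENCR transform, under either design.
    Transform ID design: the ID itself says so.  Attribute design: Implicit = 1 present;
    an absent attribute means Implicit = No, the rule stated in the message."""
    out = []
    for num, _, transforms in parse_sa_payload(data):
        for ttype, tid, attrs in transforms:
            if ttype == TT_ENCR:
                iiv = tid == ENCR_AES_GCM_8_IIV or attrs.get(ATTR_IMPLICIT, 0) == 1
                out.append((num, attrs.get(ATTR_KEY_LENGTH), iiv))
    return out

def compare_encodings():
    """Total SA payload length (both proposals) under each design."""
    return {name: len(encode_sa_payload([PROPOSAL_1, proposal_2(flag)]))
            for name, flag in (("transform_id", True), ("attribute", False))}
```

Running compare_encodings() gives 160 octets for the Transform ID design against 168 for the attribute design: each implicit-IV transform costs one extra 4-octet TV attribute, while a new Transform ID costs nothing on the wire. implicit_iv_transforms() returns the same per-transform answer for both encodings, which is the point of the decoder: the attribute design only works if every implementation agrees that an absent Implicit attribute means No, whereas with the Transform ID design an implementation that does not know the new ID simply skips that transform.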