On Tue, Aug 30, 2016 at 9:38 AM, Stephen Farrell <[email protected]> wrote: > Stephen Farrell has entered the following ballot position for > charter-ietf-ipsecme-10-00: Yes > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/charter-ietf-ipsecme/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > There are some typos (s/MIT/MTI) and bits of English that > need to be tidied up.
I went ahead and changed the one instance of MIT to MTI, thanks for catching that. I also read through through the English as well again and suggest changing the second to last paragraph to the following: Currently, widely used counter mode based ciphers send both the ESP sequence number and IV in form of counter, as they are very commonly the same. There has been interest to work on a document that will compress the packet and derive IV from the sequence number instead of sending it in separate field. The working group will specify how this compression can be negotiated in the IKEv2, and specify how the encryption algorithm and ESP format is used in this case. > > I have a suggestion about this bit of work: > > "IKEv1 using shared secret authentication was partially resistance to > quantum computers. IKEv2 removed this feature to make the protocol > more usable. The working group will add a mode to IKEv2 or otherwise > modify IKEv2 to have similar quantum resistant properties than IKEv1 > had." > > My suggestion is twofold: > > 1) - s/will add/will consider adding/ > > and to add to the end: > > 2) "In doing this work the WG will consider ongoing work on > quantum-resistance > in the CFRG, and whether it is better to re-instate the same level of > resistance > that was present in IKEv1 or to wait for more recent work (e.g. in CFRG) > to > mature." > > The reason I suggest this is that it's possible the WG might conclude > that > it's better to wait for some newer QR stuff from CFRG. The current > wording > seems to commit the WG to firing ahead anyway, and we might overall be > better if there are fewer QR mechanisms proposed, rather than adding > some > now when it might be better to wait a while longer. I'll leave this text alone from the WG response, at least for now. Being able to work on it in months makes sense even if it isn't the best long term solution. Thanks, Kathleen > > -- Best regards, Kathleen _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
