Timothy Carlin writes:
> My comments:
>
> * Section 4 mentions that 256-bit keys are raised to the SHOULD level.
> Should this read as these are now the MUST level as ENCR_AES_CBC and
> ENCR_AES_GCM_16 are at the MUST level according to Table 1 (with the [1]
> endnote)?
Yes, I think this is an inconsistency caused by the last edits, i.e., when we
changed the 256-bit keys to MUST, we only edited the footnote, and
missed the text in section 4.
So the correct change is:
OLD:
In that sense 256 bit keys
status has been raised from MAY in RFC7321 to SHOULD.
NEW:
In that sense 256 bit keys
status has been raised from MAY in RFC7321 to MUST.
> * Section 5 mentions ENCR_NULL_AUTH_AES_GMAC, which is not
> referenced anywhere in the document. Should it be added to Table 1
> at the MUST level?
No. It is a MAY level algorithm, just like the AUTH_AES_128_GMAC and
AUTH_AES_256_GMAC algorithms. The reason those AUTH_AES_{128,256}_GMAC
algorithms are listed here is that they used to be SHOULD+, and are
now downgraded to MAY.
The ENCR_NULL_AUTH_AES_GMAC has been MAY, and will be MAY, so it is
not mentioned in section 4.
Your text edits seemed to be fine.