>From what I can tell, addressing this feedback is the only thing that needs to >be done before progressing this draft to the IESG for publication.
Tim, Did Tero's response address your concerns? Tero, Are you or the other authors planning to post an update based on this feedback? Thanks, Dave > -----Original Message----- > From: IPsec [mailto:ipsec-boun...@ietf.org] On Behalf Of Tero Kivinen > Sent: Thursday, January 12, 2017 8:03 AM > To: Timothy Carlin <tjcar...@iol.unh.edu> > Cc: ipsec@ietf.org > Subject: [IPsec] Review of draft-ietf-ipsecme-rfc7321bis-01 > > Timothy Carlin writes: > > My comments: > > > > * Section 4 mentions that that 256-bit keys are raised to the SHOULD > > level. Should this read as these are now the MUST level as > > ENCR_AES_CBC and > > ENCR_AES_GCM_16 are at the MUST level according to Table 1 (with the > > [1] endnote)? > > Yes, I think this is inconsistancy caused by last edits, i.e., when we changed > the 256-bit keys to MUST, we only edited the footnote, and missed the text > in section 4. > > So correct change is: > > OLD: > > In that sense 256 bit keys > status has been raised from MAY in RFC7321 to SHOULD. > > NEW: > > In that sense 256 bit keys > status has been raised from MAY in RFC7321 to MUST. > > > * Section 5 mentions ENCR_NULL_AUTH_AES_GMAC, which is not > referenced > > anywhere in the document. Should it be added to Table 1 at the MUST > > level? > > No. It is MAY level algorithm, just like the AUTH_AES_128_GMAC and > AUTH_AES_256_GMAC algorithms. The reason those > AUTH_AES_{128,256}_GMAC algorithms are listed here is, that they used to > be SHOULD+, and are now downgraded to MAY. > > The ENCR_NULL_AUTH_AES_GMAC has been MAY, and will be MAY, so it is > not mentioned in the section 4. > > Your text edits seemed to be fine. > -- > kivi...@iki.fi > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
