Not a problem. Thanks for the feedback! Dave
From: Timothy Carlin [mailto:[email protected]] Sent: Monday, January 30, 2017 4:05 PM To: Waltermire, David A. (Fed) <[email protected]> Cc: Tero Kivinen <[email protected]>; [email protected] Subject: Re: [IPsec] Review of draft-ietf-ipsecme-rfc7321bis-01 Hi Dave, Yes, I believe they have been addressed. Thanks for checking in, my apologies for not confirming sooner. Best Regards, Tim Carlin On Mon, Jan 30, 2017 at 3:54 PM, Waltermire, David A. (Fed) <[email protected]<mailto:[email protected]>> wrote: >From what I can tell, addressing this feedback is the only thing that needs to >be done before progressing this draft to the IESG for publication. Tim, Did Tero's response address your concerns? Tero, Are you or the other authors planning to post an update based on this feedback? Thanks, Dave > -----Original Message----- > From: IPsec [mailto:[email protected]<mailto:[email protected]>] On > Behalf Of Tero Kivinen > Sent: Thursday, January 12, 2017 8:03 AM > To: Timothy Carlin <[email protected]<mailto:[email protected]>> > Cc: [email protected]<mailto:[email protected]> > Subject: [IPsec] Review of draft-ietf-ipsecme-rfc7321bis-01 > > Timothy Carlin writes: > > My comments: > > > > * Section 4 mentions that that 256-bit keys are raised to the SHOULD > > level. Should this read as these are now the MUST level as > > ENCR_AES_CBC and > > ENCR_AES_GCM_16 are at the MUST level according to Table 1 (with the > > [1] endnote)? > > Yes, I think this is inconsistancy caused by last edits, i.e., when we changed > the 256-bit keys to MUST, we only edited the footnote, and missed the text > in section 4. > > So correct change is: > > OLD: > > In that sense 256 bit keys > status has been raised from MAY in RFC7321 to SHOULD. > > NEW: > > In that sense 256 bit keys > status has been raised from MAY in RFC7321 to MUST. > > > * Section 5 mentions ENCR_NULL_AUTH_AES_GMAC, which is not > referenced > > anywhere in the document. Should it be added to Table 1 at the MUST > > level? > > No. It is MAY level algorithm, just like the AUTH_AES_128_GMAC and > AUTH_AES_256_GMAC algorithms. The reason those > AUTH_AES_{128,256}_GMAC algorithms are listed here is, that they used to > be SHOULD+, and are now downgraded to MAY. > > The ENCR_NULL_AUTH_AES_GMAC has been MAY, and will be MAY, so it is > not mentioned in the section 4. > > Your text edits seemed to be fine. > -- > [email protected]<mailto:[email protected]> > > _______________________________________________ > IPsec mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
