Hi,

It's a bit late, since WGLC for the draft is already over, but I hope it's not too late.

While re-reading the draft I realized that it's completely silent on the necessity of the Key Length attribute in the newly defined transforms. AES accepts keys of different sizes, so there must be a way to negotiate the key length (by including the Key Length attribute). Currently the draft completely ignores this issue, which may lead to interoperability problems. I suggest either copy-pasting the relevant text from any other AES-transform-related RFC (e.g. 4106 or 5282), or making it a bit smarter: make the Key Length attribute optional and define a default key length for the case when it is absent (e.g. 256 bits). It'll allow us to save a few bytes by omitting the attribute in the most common cases. Either way, something should be added to the draft to remove the current ambiguity (this issue does not seem to concern ChaCha20, which is defined with a 256-bit key only).

Regards,
Valery.

_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec
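The ambiguity raised above, shown in code: an added example (not from the message or any draft) that builds and parses an IKEv2 ENCR Transform substructure (RFC 7296 sections 3.3.2 and 3.3.5) and enforces the two options discussed, rejecting an AES transform that lacks a Key Length attribute, or applying the proposed 256-bit default when the caller opts in; the default value and the strictness flag are assumptions, the transform IDs and attribute type are the IANA-registered ones.

```python
import struct

# IANA IKEv2 Transform Type 1 (ENCR) identifiers and the Key Length attribute type
ENCR_AES_CBC, ENCR_AES_GCM_16, ENCR_CHACHA20_POLY1305 = 12, 20, 28
AES_IDS = {12, 13, 14, 15, 16, 18, 19, 20}   # AES-CBC, -CTR, -CCM-8/12/16, -GCM-8/12/16
KEY_LENGTH_ATTR = 14                         # Key Length attribute, value in bits
DEFAULT_AES_KEY_BITS = 256                   # default proposed in the message (assumption)

def encode_transform(transform_id, key_bits=None, last=True):
    """Build one ENCR Transform substructure with an optional TV-format Key Length."""
    attrs = b""
    if key_bits is not None:
        # AF=1 (type/value form): 0x8000 | attribute type, followed by a 2-byte value
        attrs = struct.pack("!HH", 0x8000 | KEY_LENGTH_ATTR, key_bits)
    header = struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attrs), 1, 0, transform_id)
    return header + attrs

def negotiated_key_bits(transform, tolerate_missing=False):
    """Parse one ENCR transform and return the effective key length in bits.
    Raises ValueError where the encoding is ambiguous or violates the RFC rules."""
    _, _, length, ttype, _, tid = struct.unpack("!BBHBBH", transform[:8])
    if ttype != 1 or length != len(transform):
        raise ValueError("malformed ENCR transform")
    key_bits, off = None, 8
    while off < length:                      # walk the attribute list
        hdr, = struct.unpack("!H", transform[off:off + 2])
        af, atype = hdr >> 15, hdr & 0x7FFF
        if af:                               # TV form: fixed 2-byte value
            value, = struct.unpack("!H", transform[off + 2:off + 4])
            off += 4
        else:                                # TLV form: 2-byte length, then value bytes
            alen, = struct.unpack("!H", transform[off + 2:off + 4])
            value, off = transform[off + 4:off + 4 + alen], off + 4 + alen
        if atype == KEY_LENGTH_ATTR:
            key_bits = value
    if tid == ENCR_CHACHA20_POLY1305:
        if key_bits is not None:             # RFC 7634: fixed 256-bit key, no attribute
            raise ValueError("ChaCha20-Poly1305 must not carry a Key Length attribute")
        return 256
    if tid in AES_IDS:
        if key_bits is None:                 # the gap the message points out
            if tolerate_missing:
                return DEFAULT_AES_KEY_BITS
            raise ValueError("AES transform without Key Length attribute is ambiguous")
        if key_bits not in (128, 192, 256):
            raise ValueError(f"invalid AES key length {key_bits}")
        return key_bits
    raise ValueError(f"unsupported ENCR transform id {tid}")
```

Run against two peers, the strict mode mirrors what an implementation following RFC 4106/5282 would do today, while `tolerate_missing=True` models the "optional attribute with a default" alternative.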
