Roman Danyliw has entered the following ballot position for draft-ietf-ipsecme-implicit-iv-07: No Objection
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-ipsecme-implicit-iv/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- ** I support the DISCUSS position held by Ben Kaduk. (Derived from Magnus Nystrom’s SECDIR review) The abstract, Section 2, Section 4 and Section 7 make references to AES-GCM, AES-CCM, AES-CTR and ChaCha20-Poly1305 (four algorithms). However, Section 4 also states “This document solely defines the IV generation of the algorithms defined in [RFC4106] for AES-GCM, [RFC4309] for AES-CCM and [RFC7634] for ChaCha20-Poly1305” (i.e., AES-CTR is missing). Likewise, no new code point is assigned for AES-CTR in Section 8. If AES-CTR is not in scope, then please don’t mention it in the draft. If it was missed from Section 4 and 8, please add it. ** Section 7. I’m having difficulty reconciling these two sentences: (1) Nonce generation for these algorithms has not been explicitly defined.” (2) This document provides an explicit and normative way to generate IVs. Isn’t this text saying the Nonce = Sequence number = IV? ** Section 7. Editorial. s/the IV is not allowed being repeated for one particular key./the IV is not allowed to be repeated for a particular key./ ** Section 7. Editorial. s/The Message-ID field in IKEv2 header is somewhat counterpart of SN field in ESP header, but recent …/The Message-ID field in IKEv2 header is similar to the SN field in ESP header. However recent …/ _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
