> Thanks for doing this. Great to see folks incorporating such
> things where we can and I'll be interested to see how the
> experiments with this pan out.

Thanks yet again for another review Stephen. We incorporated such things due to you allowing me to present to the SAAG a couple of years ago and how helpful people were in general. It was a good idea by Joel to get you guys to be involved in the design early in the process.

> - intro: (nit) "PKI infrastructure" - the I in PKI
> already means infrastructure:-)
>
> - intro: (another nit) I don't get why " o Packet
> transport is optimized due to less packet headers.
> Packet loss is reduced by a more efficient key exchange."
> is true.

Less bandwidth utilization both inside of a router and on its external links.

> - 3: (more nittyness:) AEAD is defined in RFC5116.

Put the reference in on the first occurrence of AEAD.

> - section 6 non-nit: I don't see why you want cipher
> suites 1, 2 and 4. The set of 3,5 and 6 seems to me like
> it'd be plenty. If it's not too late, I'd encourage you
> to either drop 1,2 and 4 or say those are OPTIONAL and
> 3,5 and 6 are RECOMMENDED.

We had a lot of discussion about this. And consulted a few crypto folks. We wanted smaller key sizes for devices that were CPU challenged. And we wanted DH and ECDH for simpler implementation choices. Cipher Suite 4 with key size 3072 with GCM was a strong comment we received.

We are experimenting to see which ones, in time, will be the most popular. So I would like to leave as is.

> - section 7: I think you should embed the KDF into the
> cipher suite. It's ok to only have one KDF now, but later
> you may want others and it's fairly easy to include the
> KDF as part of the definition of the ciphersuite.

I will add the KDF to section 6 to each of the Cipher Suites and make it the same for now. Thanks, a good suggestion.

> - section 7: Why didn't you choose RFC 5869 for the KDF?
> That's a more accessible reference I think and just as
> good.

Brian?

Dino
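
Added example, not part of the thread or of the draft under review: the two section 7 comments above, taken together, as a sketch in Python. It implements the RFC 5869 extract-and-expand KDF the reviewer names and makes the KDF hash a field of each cipher suite entry; the suite ids 101 and 102, the key lengths, and the `derive_keys` helper are assumptions made for illustration and do not come from the draft.

```python
import hashlib
import hmac
from dataclasses import dataclass


def hkdf_extract(hash_name: str, salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name: str, prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated, then truncated."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output exceeds 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


@dataclass(frozen=True)
class CipherSuite:
    """Constructed suite entry: the KDF hash is a property of the suite, not a global."""
    suite_id: int
    kdf_hash: str      # hash HKDF uses when this suite is negotiated
    enc_key_len: int   # bytes of encryption key to derive
    auth_key_len: int  # bytes of integrity key to derive


# Hypothetical registry: ids and sizes are illustrative, not the draft's table.
SUITES = {
    101: CipherSuite(101, "sha256", 16, 16),
    102: CipherSuite(102, "sha384", 32, 32),
}


def derive_keys(suite_id: int, shared_secret: bytes, nonce: bytes, context: bytes):
    """Derive (enc_key, auth_key) from a DH/ECDH secret with the suite's own KDF."""
    suite = SUITES[suite_id]
    prk = hkdf_extract(suite.kdf_hash, nonce, shared_secret)
    okm = hkdf_expand(suite.kdf_hash, prk, context, suite.enc_key_len + suite.auth_key_len)
    return okm[:suite.enc_key_len], okm[suite.enc_key_len:]
```

Because the hash is looked up through the suite, adding a suite with a different KDF later changes only the registry, not the key derivation path.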