> Thanks for doing this. Great to see folks incorporating such
> things where we can and I'll be interested to see how the
> experiments with this pan out.

Thanks yet again for another review, Stephen. We incorporated such things because 
you allowed me to present to the SAAG a couple of years ago and because of how 
helpful people were in general. It was a good idea by Joel to get you guys 
involved in the design early in the process.

> - intro: (nit) "PKI infrastructure" - the I in PKI
> already means infrastructure:-)
> - intro: (another nit) I don't get why " o  Packet
> transport is optimized due to less packet headers.
> Packet loss is reduced by a more efficient key exchange."
> is true.

Less bandwidth utilization both inside of a router and on its external links.

> - 3: (more nittyness:) AEAD is defined in RFC5116.

Put the reference in on the first occurrence of AEAD.

> - section 6 non-nit: I don't see why you want cipher
> suites 1, 2 and 4. The set of 3,5 and 6 seems to me like
> it'd be plenty. If it's not too late, I'd encourage you
> to either drop 1,2 and 4 or say those are OPTIONAL and
> 3,5 and 6 are RECOMMENDED.

We had a lot of discussion about this and consulted a few crypto folks. We 
wanted smaller key sizes for devices that were CPU challenged, and we wanted DH 
and ECDH for simpler implementation choices. Cipher Suite 4 with key size 3072 
with GCM was a strong comment we received.

We are experimenting to see which ones, in time, will be the most popular. So I 
would like to leave as is.

> - section 7: I think you should embed the KDF into the
> cipher suite. It's ok to only have one KDF now, but later
> you may want others and it's fairly easy to include the
> KDF as part of the definition of the ciphersuite.

I will add the KDF to each of the Cipher Suites in section 6 and make it the 
same for now. Thanks, a good suggestion.

> - section 7: Why didn't you choose RFC 5869 for the KDF?
> That's a more accessible reference I think and just as
> good.


