I'm sponsoring this self-reviewed case for Dan McDonald and have marked
it "closed approved automatic".
(Process note: If anyone believes that this doesn't qualify for
self-review please speak up ASAP).
Description
-----------
SHA-2 specifies three secure hash algorithms with outputs of 256, 384, and
512 bits. These are already available in the Solaris Cryptographic
Framework, as well as being available in HMAC variants that make them
suitable for use in IPsec.
This project will enable support for sha256, sha384, and sha512 in IPsec's AH
and ESP, as well as IKE. Like previous new-algorithm cases (e.g. 2007/409),
the proposed interface taxonomy is Committed, and the proposed release
binding is Micro/Patch.
The following programs/files that accept algorithm parameters:
ipseckey(1M)
ipsecconf(1M)
ike.config(4)
will now accept hmac-sha{256,384,512} and variants. See man page RFEs
6642856 and 6642860.
This project will also increase our interoperability with other platforms
(e.g. Vista SP1 and Linux), as well as increase our security (hashes are
stronger than MD5 or SHA-1).
Internet RFCs
-------------
RFC 4868 - Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
