Hi,

I've read the draft and I have four comments. Please see them below.

Best,
Yasuyuki Tanaka

---------------------------------------------------------------------

(1) Section 3
I found a typo in the last sentence.

>   The length of PANA_ENCR_KEY depends on the integrity algorithm in
>   use.

should be

    The length of PANA_ENCR_KEY depends on the *encryption* algorithm in
    use.

---------------------------------------------------------------------

(2) Section 4
I've not found text about the key size of AES to be used for
AES_CTR. Probably 128-bit is assumed.

It would be better to clarify the key size to be used for the
algorithm and to use "AES128_CTR" or something instead of "AES_CTR".

---------------------------------------------------------------------

(3) Section 4
The definition of "q" is different between the draft and NIST
SP800-38C. In this draft, "q" is defined as "octet length of message
length field." But in NIST SP800-38C, "q" is defined as "The octet
length of the binary representation of the octet length of the
payload."

In addition, I don't realize what 'length of message length field'
means... Why is "q" 3? The length of "Message Length" field of PANA
Message Header is 2 octets...

Anyway, I think the following part might cause some confusion.

>      AES-CTR (Counter) encryption algorithm as specified in
>      [NIST_SP800_38A].  The formatting function and counter generation
>      function as specified in Appendix A of [NIST_SP800_38C] are used,
>      with the following parameters:
>
>
>            n, octet length of nonce, is 12.
>            q, octet length of message length field, is 3.

IMHO, it's better to say just "q is 3" as the definition of "q".

---------------------------------------------------------------------

(4) Section 4
It would be very helpful to provide an example of the first counter.

When Key-Id is 0x55667788, Session ID is 0xaabbccdd, and Sequence
Number is 0x11223344, the correct first counter is
0x0255667788aabbccdd11223344000001. Is it correct?

---------------------------------------------------------------------
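
Added example, not part of the message above or of the draft: the counter formatting function of NIST SP800-38C Appendix A, with q validated against the nonce length (n + q = 15). The nonce field order (Key-Id, Session ID, Sequence Number, 4 octets each) is an assumption taken from the values in comment (4); `pana_nonce` and `counter_blocks` are hypothetical helper names.

```python
# Added example: counter blocks Ctr_i = Flags || N || [i]_8q, following the
# counter formatting in NIST SP800-38C Appendix A.
# Assumption: nonce = Key-Id || Session ID || Sequence Number (order as in
# comment (4) of the message, not confirmed by draft text on this page).

BLOCK = 16  # AES block size in octets


def counter_block(nonce: bytes, q: int, i: int) -> bytes:
    """Return the 16-octet counter block Ctr_i for nonce N and parameter q."""
    if not 2 <= q <= 8:
        raise ValueError("q must be in 2..8")
    if len(nonce) != 15 - q:
        raise ValueError(f"nonce must be {15 - q} octets when q = {q}")
    if not 0 <= i < 1 << (8 * q):
        raise ValueError("counter index does not fit in q octets")
    flags = q - 1  # bits 7..3 are zero, bits 2..0 carry q - 1
    return bytes([flags]) + nonce + i.to_bytes(q, "big")


def pana_nonce(key_id: int, session_id: int, seq_no: int) -> bytes:
    """Hypothetical helper: 12-octet nonce in the assumed field order."""
    return b"".join(v.to_bytes(4, "big") for v in (key_id, session_id, seq_no))


def counter_blocks(nonce: bytes, q: int, payload_len: int) -> list:
    """Counter blocks Ctr_1..Ctr_m needed to encrypt payload_len octets."""
    # SP800-38C defines q as the octet length of the binary representation
    # of the payload's octet length, so the payload must be < 2^(8q) octets.
    if not 0 <= payload_len < 1 << (8 * q):
        raise ValueError("payload length is not representable in q octets")
    m = -(-payload_len // BLOCK)  # ceiling division
    return [counter_block(nonce, q, i) for i in range(1, m + 1)]


if __name__ == "__main__":
    # Constructed sample values, taken from comment (4).
    n = pana_nonce(0x55667788, 0xAABBCCDD, 0x11223344)
    for blk in counter_blocks(n, 3, 40):  # 40-octet payload -> 3 blocks
        print(blk.hex())
```
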

(2012/03/16 20:04), Robert Cragie wrote:
I would like to move this forward so I am soliciting any comments from
the PANA mailing list.

Thanks

Robert

-------- Original Message --------
Subject:        New Version Notification for draft-yegin-pana-encr-avp-01.txt
Date:   Wed, 04 Jan 2012 01:53:07 -0800
From:   internet-dra...@ietf.org
To:     alper.ye...@yegin.org
CC:     robert.cra...@gridmerge.com, alper.ye...@yegin.org



A new version of I-D, draft-yegin-pana-encr-avp-01.txt has been successfully 
submitted by Alper Yegin and posted to the IETF repository.

Filename:        draft-yegin-pana-encr-avp
Revision:        01
Title:           Encrypting PANA AVPs
Creation date:   2012-01-04
WG ID:           Individual Submission
Number of pages: 8

Abstract:
    This document specifies a mechanism for delivering PANA (Protocol for
    Carrying Authentication for Network Access) AVPs (Attribute-Value
    Pairs) in encrypted form.




The IETF Secretariat




_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana
