Hi, I've read the draft and I have four comments. Please see them below.
Best,
Yasuyuki Tanaka

---------------------------------------------------------------------
(1) Section 3

I found a typo in the last sentence.

> The length of PANA_ENCR_KEY depends on the integrity algorithm in
> use.

should be

The length of PANA_ENCR_KEY depends on the *encryption* algorithm in use.

---------------------------------------------------------------------
(2) Section 4

I've not found text about key size of AES to be used for AES_CTR. Probably 128-bit is assumed. It would be better to clarify the key size to be used for the algorithm and to use "AES128_CTR" or something instead of "AES_CTR".

---------------------------------------------------------------------
(3) Section 4

The definition of "q" is different between the draft and NIST SP800-38C. In this draft, "q" is defined as "octet length of message length field." But in NIST SP800-38C, "q" is defined as "The octet length of the binary representation of the octet length of the payload."

In addition, I don't realize what 'length of message length field' means... Why is "q" 3? The length of "Message Length" field of PANA Message Header is 2 octets...

Anyway, I think the following part might cause some confusion.

> AES-CTR (Counter) encryption algorithm as specified in
> [NIST_SP800_38A]. The formatting function and counter generation
> function as specified in Appendix A of [NIST_SP800_38C] are used,
> with the following parameters:
>
>
> n, octet length of nonce, is 12.
> q, octet length of message length field, is 3.

IMHO, it's better to say just "q is 3" as the definition of "q".

---------------------------------------------------------------------
(4) Section 4

It would be very helpful to provide an example of the first counter.

When Key-Id is 0x55667788, Session ID is 0xaabbccdd, and Sequence Number is 0x11223344, the correct first counter is 0x0255667788aabbccdd11223344000001. Is it correct?
---------------------------------------------------------------------

(2012/03/16 20:04), Robert Cragie wrote:
I would like to move this forward so I am soliciting any comments from the PANA mailing list.

Thanks

Robert

-------- Original Message --------
Subject: New Version Notification for draft-yegin-pana-encr-avp-01.txt
Date: Wed, 04 Jan 2012 01:53:07 -0800
From: internet-dra...@ietf.org
To: alper.ye...@yegin.org
CC: robert.cra...@gridmerge.com, alper.ye...@yegin.org

A new version of I-D, draft-yegin-pana-encr-avp-01.txt has been successfully submitted by Alper Yegin and posted to the IETF repository.

Filename: draft-yegin-pana-encr-avp
Revision: 01
Title: Encrypting PANA AVPs
Creation date: 2012-01-04
WG ID: Individual Submission
Number of pages: 8

Abstract:
This document specifies a mechanism for delivering PANA (Protocol for Carrying Authentication for Network Access) AVPs (Attribute-Value Pairs) in encrypted form.

The IETF Secretariat

_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana
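Added example (not part of the original message or of the draft): the counter-block layout from Appendix A.3 of NIST SP 800-38C with n = 12 and q = 3, applied to the values given in comment (4). It assumes the nonce is Key-Id, Session ID and Sequence Number concatenated in that order in network byte order, and that the first counter has index 1; the function names are illustrative.

```python
import struct

BLOCK_LEN = 16  # AES block size in octets


def counter_block(nonce: bytes, index: int, q: int = 3) -> bytes:
    """Build Ctr_i as flags || N || [i], following SP 800-38C Appendix A.3.

    The flags octet of a counter block has bits 7..3 set to zero and
    bits 2..0 set to q-1, so q = 3 gives a leading octet of 0x02.
    """
    if not 2 <= q <= 8:
        raise ValueError("q must be between 2 and 8")
    n = BLOCK_LEN - 1 - q  # n + q = 15, so q = 3 forces a 12-octet nonce
    if len(nonce) != n:
        raise ValueError(f"nonce must be {n} octets when q = {q}")
    if not 0 <= index < 1 << (8 * q):
        raise ValueError("counter index does not fit in q octets")
    flags = q - 1
    return bytes([flags]) + nonce + index.to_bytes(q, "big")


def pana_nonce(key_id: int, session_id: int, seq_no: int) -> bytes:
    # Assumption: three 32-bit fields, in this order, network byte order.
    return struct.pack("!III", key_id, session_id, seq_no)


def counter_blocks(nonce: bytes, payload_len: int, q: int = 3,
                   first_index: int = 1) -> list:
    """Counter blocks needed to cover payload_len octets of plaintext."""
    if payload_len >= 1 << (8 * q):
        # q bounds the payload: its octet length must be encodable in q octets.
        raise ValueError("payload length not representable in q octets")
    count = -(-payload_len // BLOCK_LEN)  # ceiling division
    return [counter_block(nonce, first_index + i, q) for i in range(count)]


if __name__ == "__main__":
    # Values quoted in comment (4) of the message.
    nonce = pana_nonce(0x55667788, 0xAABBCCDD, 0x11223344)
    for block in counter_blocks(nonce, payload_len=40):
        print(block.hex())
```

Under those assumptions the first block printed is the value asked about in comment (4); a different nonce field order or a starting index of 0 would change it.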