Tanaka-san,

Thank you for your comments. I have responded inline, bracketed by <RCC></RCC>.

Robert

On 26/03/2012 7:00 AM, Yasuyuki Tanaka wrote:
Hi,

I've read the draft and I have four comments. Please see them below.

Best,
Yasuyuki Tanaka

---------------------------------------------------------------------
(1) Section 3

I found a typo in the last sentence.

> The length of PANA_ENCR_KEY depends on the integrity algorithm in
> use.

should be

The length of PANA_ENCR_KEY depends on the *encryption* algorithm in use.

<RCC>Agreed, good catch.</RCC>

---------------------------------------------------------------------
(2) Section 4

I've not found text about key size of AES to be used for AES_CTR. Probably 128-bit is assumed. It would be better to clarify the key size to be used for the algorithm and to use "AES128_CTR" or something instead of "AES_CTR".

<RCC>Agreed.</RCC>
<RCC>Agreed. It was chosen at 3 to be consistent with the use of CCM in the proposed TLS cipher suites.</RCC>

---------------------------------------------------------------------
(3) Section 4

The definition of "q" is different between the draft and NIST SP800-38C. In this draft, "q" is defined as "octet length of message length field." But in NIST SP800-38C, "q" is defined as "The octet length of the binary representation of the octet length of the payload."

In addition, I don't realize what 'length of message length field' means... Why is "q" 3? The length of "Message Length" field of PANA Message Header is 2 octets...

Anyway, I think the following part might cause some confusion.

> AES-CTR (Counter) encryption algorithm as specified in
> [NIST_SP800_38A]. The formatting function and counter generation
> function as specified in Appendix A of [NIST_SP800_38C] are used,
> with the following parameters:
>
>
> n, octet length of nonce, is 12.
> q, octet length of message length field, is 3.

IMHO, it's better to say just "q is 3" as the definition of "q".

---------------------------------------------------------------------
(4) Section 4

It would be very helpful to provide an example of the first counter. When Key-Id is 0x55667788, Session ID is 0xaabbccdd, and Sequence Number is 0x11223344, the correct first counter is 0x0255667788aabbccdd11223344000001. Is it correct?

<RCC>That is correct. I will include the example as given.</RCC>

_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana
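
The counter block discussed in comments (3) and (4), worked through as an added example that is not part of the original thread or the draft. It follows the counter-block format of NIST SP 800-38C Appendix A.3 with n = 12 and q = 3; the nonce field order (Key-Id, Session ID, Sequence Number) and the starting index 1 are taken from the example values in comment (4), and the function names are hypothetical.

```python
import struct

BLOCK_LEN = 16  # AES block size in octets


def pana_nonce(key_id: int, session_id: int, seq: int) -> bytes:
    """12-octet nonce; field order assumed from the example in comment (4)."""
    # struct raises struct.error if any field does not fit in 32 bits.
    return struct.pack(">III", key_id, session_id, seq)


def counter_block(nonce: bytes, i: int, q: int = 3) -> bytes:
    """Ctr_i = flags || N || [i] encoded in q octets (SP 800-38C, A.3)."""
    n = len(nonce)
    if not 2 <= q <= 8:
        raise ValueError("q must be in 2..8")
    if n + q != BLOCK_LEN - 1:
        raise ValueError(f"n + q must equal 15, got n={n}, q={q}")
    if not 0 <= i < 1 << (8 * q):
        # Wrapping here would reuse a counter block under the same key,
        # which repeats keystream; refuse instead of truncating.
        raise ValueError("counter index does not fit in q octets")
    flags = q - 1  # bits 7..3 are zero, bits 2..0 carry q - 1
    return bytes([flags]) + nonce + i.to_bytes(q, "big")


def counter_blocks(nonce: bytes, payload_len: int, q: int = 3, first: int = 1):
    """Counter blocks needed to cover payload_len octets, starting at `first`."""
    count = -(-payload_len // BLOCK_LEN)  # ceiling division
    return [counter_block(nonce, first + k, q) for k in range(count)]


if __name__ == "__main__":
    # Values from comment (4) of the thread.
    nonce = pana_nonce(0x55667788, 0xAABBCCDD, 0x11223344)
    print("first counter:", counter_block(nonce, 1).hex())
    # Constructed payload length: 40 octets needs three blocks.
    for blk in counter_blocks(nonce, 40):
        print(blk.hex())
```

With q = 3 the counter field holds 2^24 values, so a single nonce covers far more than any message whose length fits the 2-octet PANA Message Length field.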