Tanaka-san,

Thank you for your comments. I have responded inline, bracketed by <RCC></RCC>.

Robert

On 26/03/2012 7:00 AM, Yasuyuki Tanaka wrote:
Hi,

I've read the draft and I have four comments. Please see them below.

Best,
Yasuyuki Tanaka

---------------------------------------------------------------------

(1) Section 3
I found a typo in the last sentence.

>   The length of PANA_ENCR_KEY depends on the integrity algorithm in
>   use.

should be

    The length of PANA_ENCR_KEY depends on the *encryption* algorithm in
    use.
<RCC>Agreed, good catch.</RCC>

---------------------------------------------------------------------

(2) Section 4
I've not found text about the key size of AES to be used for
AES_CTR. Probably 128-bit is assumed.

It would be better to clarify the key size to be used for the
algorithm and to use "AES128_CTR" or something instead of "AES_CTR".
<RCC>Agreed.</RCC>

---------------------------------------------------------------------

(3) Section 4
The definition of "q" is different between the draft and NIST
SP800-38C. In this draft, "q" is defined as "octet length of message
length field." But in NIST SP800-38C, "q" is defined as "The octet
length of the binary representation of the octet length of the
payload."

In addition, I don't realize what 'length of message length field'
means... Why is "q" 3? The length of "Message Length" field of PANA
Message Header is 2 octets...

Anyway, I think the following part might cause some confusion.

>      AES-CTR (Counter) encryption algorithm as specified in
>      [NIST_SP800_38A].  The formatting function and counter generation
>      function as specified in Appendix A of [NIST_SP800_38C] are used,
>      with the following parameters:
>
>
>            n, octet length of nonce, is 12.
>            q, octet length of message length field, is 3.

IMHO, it's better to say just "q is 3" as the definition of "q".
<RCC>Agreed. It was chosen as 3 to be consistent with the use of CCM in the proposed TLS cipher suites.</RCC>

---------------------------------------------------------------------

(4) Section 4
It would be very helpful to provide an example of the first counter.

When Key-Id is 0x55667788, Session ID is 0xaabbccdd, and Sequence
Number is 0x11223344, the correct first counter is
0x0255667788aabbccdd11223344000001. Is it correct?
<RCC>That is correct. I will include the example as given.</RCC>


_______________________________________________
Pana mailing list
Pana@ietf.org
https://www.ietf.org/mailman/listinfo/pana
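
The counter block discussed in comments (3) and (4), as an added example that is not part of the original thread or of the draft: it builds counter blocks in the SP 800-38C Appendix A layout (flags octet carrying q-1, then the nonce, then a q-octet counter) with n = 12 and q = 3. The nonce order Key-Id, Session ID, Sequence Number is an assumption inferred from the example value in comment (4), and the function names are hypothetical.

```python
import struct

N_LEN = 12   # n: octet length of the nonce, as quoted from the draft
Q = 3        # q, as quoted from the draft
BLOCK = 16   # AES block size in octets


def build_nonce(key_id: int, session_id: int, seq_no: int) -> bytes:
    """Assumed layout (inferred from comment 4): Key-Id || Session ID || Sequence Number."""
    # struct.error is raised if any field does not fit in 32 bits.
    return struct.pack(">III", key_id, session_id, seq_no)


def counter_block(nonce: bytes, i: int) -> bytes:
    """Counter block i: flags || nonce || [i] encoded big-endian in q octets."""
    if len(nonce) != N_LEN or N_LEN + Q != BLOCK - 1:
        raise ValueError("nonce must be n octets and n + q must equal 15")
    if not 0 <= i < 1 << (8 * Q):
        # A 3-octet counter wraps after 2**24 blocks; reusing a counter
        # block under the same key repeats keystream, so refuse instead.
        raise ValueError("counter index does not fit in q octets")
    flags = Q - 1  # low three bits carry q-1, all other bits are zero
    return bytes([flags]) + nonce + i.to_bytes(Q, "big")


def counter_blocks(nonce: bytes, payload_len: int) -> list:
    """Counter blocks needed to encrypt payload_len octets, starting at i = 1."""
    n_blocks = -(-payload_len // BLOCK)  # ceiling division
    return [counter_block(nonce, i) for i in range(1, n_blocks + 1)]


if __name__ == "__main__":
    # Values taken from comment (4) in the thread above.
    nonce = build_nonce(0x55667788, 0xAABBCCDD, 0x11223344)
    for ctr in counter_blocks(nonce, 40):  # constructed 40-octet payload
        print(ctr.hex())
```
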