Re: [Cfrg] request for review of IPsec ESP and AH Usage Guidance

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Wed, 03 July 2013 20:15 UTC

Return-Path: <prvs=0896c5b37e=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DA9111E80DF for <cfrg@ietfa.amsl.com>; Wed, 3 Jul 2013 13:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.348
X-Spam-Level:
X-Spam-Status: No, score=-6.348 tagged_above=-999 required=5 tests=[AWL=0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A4aMNSh9ulI7 for <cfrg@ietfa.amsl.com>; Wed, 3 Jul 2013 13:15:12 -0700 (PDT)
Received: from mx2.ll.mit.edu (MX2.LL.MIT.EDU [129.55.12.46]) by ietfa.amsl.com (Postfix) with ESMTP id CD5B821F9A71 for <cfrg@irtf.org>; Wed, 3 Jul 2013 13:15:11 -0700 (PDT)
Received: from LLE2K7-HUB01.mitll.ad.local (LLE2K7-HUB01.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id r63KF5rP022423 for <cfrg@irtf.org>; Wed, 3 Jul 2013 16:15:10 -0400
From: "Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 3 Jul 2013 16:15:07 -0400
Thread-Topic: [Cfrg] request for review of IPsec ESP and AH Usage Guidance
Thread-Index: Ac54KgR5Bp5MksUjSpeZL2/QMu067w==
Message-ID: <CDF9FE1E.16DD2%uri@ll.mit.edu>
In-Reply-To: <51D483E7.800@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.5.130515
acceptlanguage: en-US
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="B_3455712907_47302993"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.10.8794, 1.0.431, 0.0.0000 definitions=2013-07-03_10:2013-07-03, 2013-07-03, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1307030175
Subject: Re: [Cfrg] request for review of IPsec ESP and AH Usage Guidance
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2013 20:15:16 -0000

My preference would be "MUST AES-GMAC and SHOULD HMAC-SHA256" for both
ESP-auth-only and AH. (I personally don't think anything would go wrong
with AES-GMAC, but it doesn't hurt to cover our bases :)

Thanks!
--
Regards,
Uri Blumenthal




On 7/3/13 16:04 , "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote:

>Or we could (COULD?) mandate both AES-GMAC and HMAC-256 at the SHOULD
>level for ESP-auth-only, to ensure that we have a fallback hash if
>something goes badly wrong with the primary choice.
>
>Thanks,
>	Yaron
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>http://www.irtf.org/mailman/listinfo/cfrg