Re: [HOKEY] Change proposal for ERP-AAK - 4: Cryptosuite
Glen Zorn <glenzorn@gmail.com> Wed, 05 October 2011 10:05 UTC
Message-ID: <4E8C2CA4.4030202@gmail.com>
Date: Wed, 05 Oct 2011 17:08:36 +0700
From: Glen Zorn <glenzorn@gmail.com>
To: Qin Wu <bill.wu@huawei.com>
References: <B524A026157341B4985D2CC8ED97CD04@china.huawei.com>
In-Reply-To: <B524A026157341B4985D2CC8ED97CD04@china.huawei.com>
Cc: hokey@ietf.org

On 9/29/2011 4:55 PM, Qin Wu wrote:

> Hi,
> I notice we didn't assign TLV type values from the registry of EAP
> Initiate and Finish Attributes for Cryptosuite.
> That is because we reuse Cryptosuite TLV payload defined in the RFC5296,
> however it doesn't look clear about this
> in the new version of draft-ietf-hokey-erp-aak, therefore I propose to
> do the following change:
>
> OLD TEXT:
> "
> List of Cryptosuites: This is a sub-TLV payload. The Type is TBD.
> The value field contains a list of cryptosuites, each 1 octet in
> length. The allowed cryptosuite values are as specified in
> Section 5.2
> <http://tools.ietf.org/html/draft-ietf-hokey-erp-aak-05#section-5.2>,
> above. The server SHOULD include this attribute if
> the cryptosuite used in the EAP-Initiate/Re-auth message was not
> acceptable and the message is being rejected. The server MAY
> include this attribute in other cases. The server MAY use this
> attribute to signal to the peer about its cryptographic algorithm
> capabilities.
> "
>
> NEW TEXT:
> "
> List of Cryptosuites: This is a sub-TLV payload defined in RFC5296
> with the type 5.
> The value field contains a list of cryptosuites, each 1 octet in
> length. The allowed cryptosuite values are as specified in
> Section 5.2, above. The server SHOULD include this attribute if
> the cryptosuite used in the EAP-Initiate/Re-auth message was not
> acceptable and the message is being rejected. The server MAY
> include this attribute in other cases. The server MAY use this
> attribute to signal to the peer about its cryptographic algorithm
> capabilities.
> "

Looks good to me.

...
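
The List of Cryptosuites attribute discussed in this thread, shown as an added example that is not part of either message, the draft, or RFC 5296: a peer-side parser that extracts the type 5 list from a rejected exchange and picks a retry suite from its own preference order. The 1-octet Type / 1-octet Length layout, the function names and the `ALLOWED` set are assumptions made for illustration.

```python
# Added example, not taken from the draft or the messages above.
# Assumption: each TLV is Type (1 octet), Length (1 octet, value only), Value.
LIST_OF_CRYPTOSUITES = 5  # type value stated in the proposed NEW TEXT


class TLVError(ValueError):
    """Raised when the attribute area is malformed."""


def iter_tlvs(buf: bytes):
    """Yield (type, value) pairs, rejecting truncated attributes."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise TLVError("truncated TLV header at offset %d" % i)
        t, length = buf[i], buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise TLVError("TLV type %d overruns the buffer" % t)
        yield t, value
        i += 2 + length


def server_cryptosuites(tlvs: bytes, allowed: frozenset) -> list:
    """Return the cryptosuites the server listed, one per octet, in order.

    Values outside `allowed` are dropped; duplicates are collapsed.
    """
    suites = []
    for t, value in iter_tlvs(tlvs):
        if t != LIST_OF_CRYPTOSUITES:
            continue
        for octet in value:
            if octet in allowed and octet not in suites:
                suites.append(octet)
    return suites


def pick_retry_suite(tlvs: bytes, local_pref: list, allowed: frozenset):
    """Pick the peer's most-preferred suite that the server lists, or None.

    The peer's own ordering decides; the server list only narrows it.
    """
    offered = server_cryptosuites(tlvs, allowed)
    return next((s for s in local_pref if s in offered), None)


# Constructed sample: an unrelated TLV (type 1, 3 bytes), then a
# List of Cryptosuites TLV carrying 2, 3 and an unrecognised 0x7f.
SAMPLE = bytes([1, 3]) + b"abc" + bytes([5, 3, 2, 3, 0x7F])
ALLOWED = frozenset({1, 2, 3})  # hypothetical stand-in for the Section 5.2 values
```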