RE: MUST implement AES-CBC for IPsec ESP
"Yaakov Stein" <yaakov_s@rad.com> Mon, 22 January 2007 11:26 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H8xJr-0008PO-IR; Mon, 22 Jan 2007 06:26:35 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H8xJn-0008PA-8L; Mon, 22 Jan 2007 06:26:31 -0500
Received: from mx2-012.rad.co.il ([212.199.240.16] helo=antivir2.rad.co.il) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H8xJk-00062R-T2; Mon, 22 Jan 2007 06:26:31 -0500
Received: from exrad3.rad.co.il (HELO exrad3.ad.rad.co.il) ([192.114.24.112]) by antivir2.rad.co.il with ESMTP; 22 Jan 2007 13:26:21 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 22 Jan 2007 13:26:19 +0200
Message-ID: <457D36D9D89B5B47BC06DA869B1C815D030B2257@exrad3.ad.rad.co.il>
In-Reply-To: <45B28AFE.6090204@qualcomm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: MUST implement AES-CBC for IPsec ESP
Thread-Index: Acc821KdU2W4+kMdRHC0W/eSTaSLswBPAe/w
From: Yaakov Stein <yaakov_s@rad.com>
To: Russ Housley <housley@vigilsec.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Cc: ipsec@ietf.org, saag@mit.edu, ietf@ietf.org
Subject: RE: MUST implement AES-CBC for IPsec ESP
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Russ Housley wrote: > During the IETF Last Call for draft-manral-ipsec-rfc4305-bis-errata, > we received a comment that deserves wide exposure. > > For ESP encryption algorithms, the document that was sent out for Last > Call contains the following table: > > Requirement Encryption Algorithm (notes) > ----------- -------------------- > MUST NULL (1) > MUST- TripleDES-CBC [RFC2451] > SHOULD+ AES-CBC with 128-bit keys [RFC3602] > SHOULD AES-CTR [RFC3686] > SHOULD NOT DES-CBC [RFC2405] (3) > > The Last Call comment suggests changing the "SHOULD+" for AES-CBC to > "MUST." > > I support this proposed change, and I have asked the author to make > this change in the document that will be submitted to the IESG for > consideration on the Telechat on January 25th. If anyone has an > objection to this change, please speak now. Please send comments on > this proposed change to the iesg@ietf.org or ietf@ietf.org mailing > lists by 2007-01-24. > > Russ Housley > Security AD Strangely missing is AES/GCM [RFC4106]. SHOULDn't this be a SHOULD ? Y(J)S _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- MUST implement AES-CBC for IPsec ESP Russ Housley
- Re: MUST implement AES-CBC for IPsec ESP Lakshminath Dondeti
- RE: MUST implement AES-CBC for IPsec ESP Lawrence Rosen
- [Ipsec] Re: MUST implement AES-CBC for IPsec ESP Paul Hoffman
- Re: MUST implement AES-CBC for IPsec ESP Steven M. Bellovin
- Re: MUST implement AES-CBC for IPsec ESP Steven M. Bellovin
- Re: MUST implement AES-CBC for IPsec ESP Lakshminath Dondeti
- RE: MUST implement AES-CBC for IPsec ESP Contreras, Jorge
- RE: MUST implement AES-CBC for IPsec ESP Lawrence Rosen
- RE: MUST implement AES-CBC for IPsec ESP Yaakov Stein
- RE: MUST implement AES-CBC for IPsec ESP Russ Housley
- Re: [saag] MUST implement AES-CBC for IPsec ESP Nicolas Williams
- Re: [Ipsec] RE: MUST implement AES-CBC for IPsec … Vishwas Manral
- Re: [Ipsec] Re: MUST implement AES-CBC for IPsec … Bart Preneel