Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts

"Valery Smyslov" <svanru@gmail.com> Sat, 08 March 2014 13:42 UTC

Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E85181A0233 for <ipsec@ietfa.amsl.com>; Sat, 8 Mar 2014 05:42:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.561
X-Spam-Level:
X-Spam-Status: No, score=-1.561 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWCuiTfyTM4g for <ipsec@ietfa.amsl.com>; Sat, 8 Mar 2014 05:42:14 -0800 (PST)
Received: from mail-lb0-x22f.google.com (mail-lb0-x22f.google.com [IPv6:2a00:1450:4010:c04::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 6F6EF1A00FC for <ipsec@ietf.org>; Sat, 8 Mar 2014 05:42:14 -0800 (PST)
Received: by mail-lb0-f175.google.com with SMTP id w7so3559435lbi.34 for <ipsec@ietf.org>; Sat, 08 Mar 2014 05:42:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:references:in-reply-to:subject:date:mime-version :content-type:content-transfer-encoding:importance; bh=6L0Yv8yrrsRFRiD3mnK7cjUGTESqlRMZdKg1kpK0xZ0=; b=YNpayeM4qseAH+25wW2QJ3rcchTzK0ZBqUj6CcffOVodT++lNDkwk3ozG4FFgggvJG 9C/mlqgoEAgaXrkcFMGikeLiVX4mwIrCkAAEKbdoqVK5ze0E7MGxDUPQWmu2uC67G6JT T8F8G8jd5OLOJVwP8KS3tEwrXyATABYyuaZ+oKxxv2tcmu3J22R9MO5K9RCZiJQqtuGK 9YPKMJC6UYCdY93CumVelR2gXmBMpHZ+nex7xVpvyqvommA549y6OA5ROczvRe9vBhaH nSmNzQrp+OH/mOv4BUJbEfk/9k0qxT9iwo4C5ENc3QDgYiVuhyq1kn1N5GRma1uDSapn ARxQ==
X-Received: by 10.112.201.164 with SMTP id kb4mr14937818lbc.32.1394286129199; Sat, 08 Mar 2014 05:42:09 -0800 (PST)
Received: from chichi (ppp85-141-227-1.pppoe.mtu-net.ru. [85.141.227.1]) by mx.google.com with ESMTPSA id sx1sm19644104lac.1.2014.03.08.05.42.07 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 08 Mar 2014 05:42:08 -0800 (PST)
Message-ID: <F0CBAB29BB534391ACAEE7CFF7468063@chichi>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Paul Hoffman" <paul.hoffman@vpnc.org>, "ipsec" <ipsec@ietf.org>
References: <530CE583.6030801@gmail.com> <9618756DDA9C407AB0DC06AC207FD394@buildpc> <1CD15B55-CB5D-4107-99BB-E2BF2F7A8760@vpnc.org>
In-Reply-To: <1CD15B55-CB5D-4107-99BB-E2BF2F7A8760@vpnc.org>
Date: Sat, 8 Mar 2014 17:42:02 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3522.110
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/-mKFNX4cu-ZMomZJGhSnUZmDGc8
Subject: Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Mar 2014 13:42:16 -0000

Hi Paul,

> > The draft lists the following trasforms based on AES cipher:
> >
> > AES-GCM
> > AES-CCM
> > AES-CTR
> > AES-128-CBC
> > AES-GMAC
> > AES-XCBC-MAC-96
> >
> > All these transforms, except for AES-XCBC-MAC-96,
> > allows to be used with different key lengths - 128, 192 and 256 bits.
> > It looks strange to me that, unlike the others, AES-128-CBC
> > has key length explicitely specified in the draft. Why it differs in
> > this respect from the others? What about AES-192-CBC and
> > AES-256-CBC - are they also "MUST" or "MAY"? Or even "MUST NOT"? :-)
> >
> > I think the draft should either:
> > - remove explicit key length from AES-128-CBC and make it just AES-CBC
> > - add explicit key length to all other AES-based transforms (except for 
> > AES-XCBC-MAC-96)
> > - leave things as is, but explain why AES-CBC differs in this respect 
> > from the others
>
> The next draft changes AES-128-CBC to AES-CBC, and says:
>
> In the following sections, all AES modes are for 128-bit AES. 192-bit AES
> MAY be supported for those modes, but the requirements here are for 
> 128-bit AES.

And please, add the same words for 256-bit AES as for 192-bits AES.

Regards,
Valery.

> --Paul Hoffman