Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Sean Shen <sean.s.shen@gmail.com> Fri, 23 October 2009 12:38 UTC
Return-Path: <sean.s.shen@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5CE303A6821 for <ipsec@core3.amsl.com>; Fri, 23 Oct 2009 05:38:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.053
X-Spam-Level:
X-Spam-Status: No, score=-2.053 tagged_above=-999 required=5 tests=[AWL=0.245, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8MH-db1qyxiM for <ipsec@core3.amsl.com>; Fri, 23 Oct 2009 05:38:37 -0700 (PDT)
Received: from mail-pz0-f176.google.com (mail-pz0-f176.google.com [209.85.222.176]) by core3.amsl.com (Postfix) with ESMTP id 7C59E3A62C1 for <ipsec@ietf.org>; Fri, 23 Oct 2009 05:38:37 -0700 (PDT)
Received: by pzk6 with SMTP id 6so663975pzk.29 for <ipsec@ietf.org>; Fri, 23 Oct 2009 05:38:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=rZUcUnpu98rVHDhtG+Ry1+f0vaRX6XFmHSbTPwmb1fs=; b=wvsUK9JrRzTqs0STDEL2j7Lf2mnj0kV8UdtyPcN+JzwJ07IMNtIzXwHPN1WzgeLwEz ki6fBbqyYMCi7Ds+JLcpnL3rAtCtLycJGKTH5evc2ISq+xIINmauoD8i6PLiWmlaY6p/ Hg33+pN4WquFGmqZkNVpC0bMPi3zv7ZLIeIFY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=mI6G+SeDYgiPF72eRHU0evZvtTQ8/1Ndb5r4RGUbPmD/tM4wjFwD2IzU2aTjF41VOu JbAvxLoE5sdZ1JqJr52w74WMX6vkzEmntyG9CQUtaIfV5s2B9W6FzdJGoOvVGMxJ95t3 OQVMGy+3aAdIHReAidPGHb4h7hlMQGO2BVDbQ=
MIME-Version: 1.0
Received: by 10.115.99.4 with SMTP id b4mr16077921wam.88.1256301525568; Fri, 23 Oct 2009 05:38:45 -0700 (PDT)
In-Reply-To: <200910231143.NAA18006@TR-Sys.de>
References: <80b5a9190910230412of646dadx991f3f9cc19b8e84@mail.gmail.com> <200910231143.NAA18006@TR-Sys.de>
Date: Fri, 23 Oct 2009 20:38:45 +0800
Message-ID: <80b5a9190910230538h2a46e6e8i98235ea3529d45de@mail.gmail.com>
From: Sean Shen <sean.s.shen@gmail.com>
To: Alfred HÎnes <ah@tr-sys.de>
Content-Type: multipart/alternative; boundary="0016e648f0ae298e130476997eb9"
Cc: ipsec@ietf.org, Paul_Koning@dell.com, draft-ietf-ipsecme-aes-ctr-ikev2@cabernet.tools.ietf.org, kivinen@iki.fi
Subject: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2009 12:38:38 -0000
2009/10/23 Alfred HÎnes <ah@tr-sys.de> > Sean Shen wrote: > > > Section 2.2 says that "AES MUST use different rounds for each of the > > key sizes: ...". > > The draft is not trying to say that IKEv2 requires 10/12/14 rounds for > > 128/192/256 key lengths. The draft is not trying to say that AES-CTR > > requires 10/12/14 rounds for 128/192/256 key lengths. > > > > Sean > > > > ... > > The "MUST" still makes the difference! That is normative and does > NOT belong into this draft. Although that would still be regarded > out of scope of your draft, I would be more willing to accept an > _informative_ statement like: > > "Note: AES uses different rounds for each of the key sizes: ...". > ^^^^^^ ^^^^ [Sean] Correct, "MUST" is defined in key words conventions and should not be used here. I will dropt it. > But the most important topic remains: The draft is ill-advised in > pretending that the interface of AES -- or, btw, *any* currently > sensibly used block cipher primitive of reasonable strength -- > had an _external_ parameter "number of rounds" that upper protocol > (sub-)layers would need to have to deal with. > Otherwise, the "IKEv2 Transform Attribute Types" would have to > include an entry for "number of rounds", which it doesn't, and > you also do not aim at establishing such entry. > [Sean] The IKEv2 requirement in the draft is only about key lengths. I never pretended that the AES standard allows arbitary conbinations of key lengths and rounds. I checked the document again and noticed that in the second paragraph of section 2: "... The choices of Key Size, Rounds and Block Size are defined as following which are compatible with [RFC3686]." If this sentense misleads readers to think that users can choose all conbinations, I will rewrite it as: "... The choices of Key Size are defined as following which are compatible with [RFC3686]." Best Regards, Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Shen Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Tero Kivinen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Shen Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Paul Koning
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Tero Kivinen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes