Re: [Ipsec] Comments about draft-solinas-ui-suites-00
Scott G Kelly <scott@hyperthought.com> Mon, 11 December 2006 14:18 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gtlyq-0003cA-N9; Mon, 11 Dec 2006 09:18:08 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gtlyp-0003Zi-Vs for Ipsec@ietf.org; Mon, 11 Dec 2006 09:18:07 -0500
Received: from alnrmhc14.comcast.net ([206.18.177.54]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GtlyV-0001O9-44 for Ipsec@ietf.org; Mon, 11 Dec 2006 09:18:07 -0500
Received: from [192.168.128.4] (c-24-6-207-154.hsd1.ca.comcast.net[24.6.207.154]) by comcast.net (alnrmhc14) with ESMTP id <20061211141745b1400mja3ie>; Mon, 11 Dec 2006 14:17:46 +0000
Message-ID: <457D6888.7020304@hyperthought.com>
Date: Mon, 11 Dec 2006 06:17:44 -0800
From: Scott G Kelly <scott@hyperthought.com>
User-Agent: Thunderbird 1.5.0.8 (X11/20061025)
MIME-Version: 1.0
To: Pasi.Eronen@nokia.com
Subject: Re: [Ipsec] Comments about draft-solinas-ui-suites-00
References: <B356D8F434D20B40A8CEDAEC305A1F240381F7F3@esebe105.NOE.Nokia.com>
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F240381F7F3@esebe105.NOE.Nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9466e0365fc95844abaf7c3f15a05c7d
Cc: Ipsec@ietf.org, lelaw@orion.ncsc.mil
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Errors-To: ipsec-bounces@ietf.org
FYI, we're updating draft-kelly-ipsec-ciph-sha2 to include sha-{384,512}
per Steve Bellovin's review comments. Hopefully, that will be
available later this week.
Pasi.Eronen@nokia.com wrote:
> A couple of minor comments about this draft:
>
> 1) The document needs a reference to draft-kelly-ipsec-ciph-sha2,
> which specifies how to use SHA-256 with IPsec.
>
> 2) Currently draft-kelly-ipsec-ciph-sha2 specifies only SHA-256
> based integrity/PRF algorithms, but not SHA-384 or SHA-512, so
> "Suite-B-GCM-256" and "Suite-B-GMAC-256" are not actually
> implementable using currently existing documents.
>
> 3) Given that SHA-384 is basically SHA-512 truncated to 384 bits
> (and with different IV), do we really need e.g. a SHA-384 based
> PRF for IKEv2? Wouldn't it be simpler just to use SHA-512?
> (There are applications where using SHA-384 may make sense, but
> I'm not sure IKEv2 PRF is one of them...)
>
> Best regards,
> Pasi
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Comments about draft-solinas-ui-suites-00 Pasi.Eronen
- Re: [Ipsec] Comments about draft-solinas-ui-suite… Scott G Kelly
- Re: [Ipsec] Comments about draft-solinas-ui-suite… Russ Housley