Key length attribute and draft-ietf-ipsec-ikev2-08.txt
Tero Kivinen <kivinen@ssh.fi> Tue, 24 June 2003 19:46 UTC
Date: Tue, 24 Jun 2003 20:30:33 +0300
From: Tero Kivinen <kivinen@ssh.fi>
To: ipsec@lists.tislabs.com
Subject: Key length attribute and draft-ietf-ipsec-ikev2-08.txt
Organization: SSH Communications Security Oy
The IANA registry has allocated number 12 for the draft-ietf-ipsec-ciph-aes-cbc draft, and that is using the key length attribute to distinguish the 128, 192, and 256 bit keys.

The current IKEv2 draft only defines the number 12 to be ENCR_AES_128_CBC. I.e., it seems to be saying that no key length attribute is used and that AES is always 128 bits. This is not consistent with the use defined in the draft-ietf-ipsec-ciph-aes-cbc.

I suggest that we use AES the same way, i.e., use the key length attribute to actually set the key length and rename the ENCR_AES_128_CBC to ENCR_AES_CBC. The draft-ietf-ipsec-ciph-aes-cbc is in the RFC editor queue, so we cannot change that anymore...

All the other numbers except those with AES in the section 3.3.2 Transform Substructure Transform type 1 (encryption algorithms) table match the current IANA registry. I do not see any point in making it mostly similar but still different, especially when the draft-ietf-ipsec-ciph-aes-cbc should be easily usable for both IKEv1 and IKEv2.

-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/
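
The suggestion in the message above, as an added example (not code from the message or from either draft): transform ID 12 is encoded with a key length attribute, and a receiver rejects an AES-CBC transform that omits it instead of guessing 128 bits. The 8-byte transform header layout and the Key Length attribute as type 14 in fixed-length (TV) form are assumptions taken from the transform substructure as later published for IKEv2; all function names are hypothetical.

```python
import struct

ENCR_AES_CBC = 12        # IANA number discussed in the message
ATTR_KEY_LENGTH = 14     # assumption: Key Length attribute type
AF_BIT = 0x8000          # assumption: set for fixed-length (TV) attributes
AES_KEY_BITS = (128, 192, 256)
HDR = "!BBHBBH"          # last/more, reserved, length, type, reserved, id

def build_transform(transform_id, key_bits=None, last=True):
    """Encode a type 1 (encryption) transform, optionally with Key Length."""
    attrs = b""
    if key_bits is not None:
        attrs = struct.pack("!HH", AF_BIT | ATTR_KEY_LENGTH, key_bits)
    return struct.pack(HDR, 0 if last else 3, 0, 8 + len(attrs),
                       1, 0, transform_id) + attrs

def parse_transform(buf):
    """Return (transform_type, transform_id, key_bits or None)."""
    if len(buf) < 8:
        raise ValueError("truncated transform header")
    _more, _r1, length, ttype, _r2, tid = struct.unpack(HDR, buf[:8])
    if length < 8 or length > len(buf) or (length - 8) % 4:
        raise ValueError("bad transform length")
    key_bits = None
    for off in range(8, length, 4):
        atype, aval = struct.unpack("!HH", buf[off:off + 4])
        if not atype & AF_BIT:
            raise ValueError("variable-length attributes not handled here")
        if atype & 0x7FFF == ATTR_KEY_LENGTH:
            if key_bits is not None:
                raise ValueError("duplicate Key Length attribute")
            key_bits = aval
    return ttype, tid, key_bits

def negotiated_aes_bits(buf):
    """Key size for an AES-CBC transform; never fall back to a default."""
    ttype, tid, key_bits = parse_transform(buf)
    if ttype != 1 or tid != ENCR_AES_CBC:
        raise ValueError("not an AES-CBC encryption transform")
    if key_bits is None:
        # The two drafts disagree on what a bare ID 12 means, so reject it.
        raise ValueError("AES-CBC offered without Key Length")
    if key_bits not in AES_KEY_BITS:
        raise ValueError("unsupported AES key length: %d" % key_bits)
    return key_bits

if __name__ == "__main__":
    print(build_transform(ENCR_AES_CBC, 256).hex())
```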