Key length attribute and draft-ietf-ipsec-ikev2-08.txt

Tero Kivinen <kivinen@ssh.fi> Tue, 24 June 2003 19:46 UTC

Date: Tue, 24 Jun 2003 20:30:33 +0300
From: Tero Kivinen <kivinen@ssh.fi>
To: ipsec@lists.tislabs.com
Subject: Key length attribute and draft-ietf-ipsec-ikev2-08.txt

The IANA registry has allocated number 12 for the
draft-ietf-ipsec-ciph-aes-cbc draft, and that is using the key length
attribute to distinguish the 128, 192, and 256 bit keys. The current
IKEv2 draft only defines the number 12 to be ENCR_AES_128_CBC. I.e. it
seems to be saying that no key length attribute is used and that
AES is always 128 bits. This is not consistent with the use defined in
the draft-ietf-ipsec-ciph-aes-cbc.

I suggest that we use AES the same way, i.e. use the key length
attribute to actually set the key length and rename the
ENCR_AES_128_CBC to ENCR_AES_CBC. The draft-ietf-ipsec-ciph-aes-cbc is
in the RFC Editor queue, so we cannot change that anymore...

All the other numbers except those with AES in the section 3.3.2
Transform Substructure Transform type 1 (encryption algorithms) table
match the current IANA registry. I do not see any point in making it
mostly similar but still different, especially when the
draft-ietf-ipsec-ciph-aes-cbc should be easily usable for both IKEv1
and IKEv2.
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/