[Ipsec] RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt

"Vishwas Manral" <Vishwas@sinett.com> Fri, 31 December 2004 06:36 UTC

Date: Thu, 30 Dec 2004 22:17:56 -0800
From: Vishwas Manral <Vishwas@sinett.com>
To: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
Cc: ipsec@ietf.org
Subject: [Ipsec] RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt

Hi Donald,

@@@ I think draft-ietf-ipsec-esp-v3-09 should be changed.
I don't agree the draft draft-ietf-ipsec-esp-v3-09 should be changed.
The ESP document no longer requires the ESP only service to be there. As
Steve said, we should change it to SHOULD or even a MAY (conforming to
the ESP document). From the ESP document: -
            "
            - confidentiality-only (MAY be supported)
            - integrity-only (MUST be supported)
            - confidentiality and integrity (MUST be supported)"

@@@ I don't see why this document needs to list every algorithm/key-size
mentioned in any other IETF document. If there is consensus for
additional entries, I'd be happy to start a successor document.
I see no reason why we should not. Also, if we do not want to keep
MAYs in the document, you may have to remove NULL AUTH from the
document altogether for ESP.

A very happy and fruitful new year to you!!

Thanks again,
Vishwas

-----Original Message-----
From: Eastlake III Donald-LDE008 [mailto:Donald.Eastlake@motorola.com] 
Sent: Thursday, December 30, 2004 8:33 PM
To: Vishwas Manral
Cc: ipsec@ietf.org
Subject: RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt

See below at @@@

-----Original Message-----
From: Vishwas Manral [mailto:Vishwas@sinett.com] 
Sent: Thursday, December 30, 2004 1:14 AM
To: ipsec@ietf.org
Cc: Eastlake III Donald-LDE008
Subject: draft-ietf-ipsec-esp-ah-algorithms-02.txt

Hi Donald,

I have some minor comments: -

1. For ESP we state that "MUST    NULL" (must support NULL
authentication). However
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-09.txt very
clearly seems to state "However, this standard does not require ESP
implementations to offer an encryption-only service."

We may want to change the MUST to SHOULD. Steve?

@@@ I think draft-ietf-ipsec-esp-v3-09 should be changed.

2. A more general comment: what about all the algorithms that are
specified by IETF but not in the document, or a different key size, e.g.
"SHOULD+    AES-CBC with 128-bit keys"; what about other key sizes? I
understand it is stated that: -
  "To ensure interoperability between disparate implementations it is
   necessary to specify a set of mandatory-to-implement algorithms to
   ensure at least one algorithm that all implementations will have
   available."
however SHOULDs (I guess not mandatory) are specified.

@@@ I don't see why this document needs to list every algorithm/key-size
mentioned in any other IETF document. If there is consensus for
additional entries, I'd be happy to start a successor document. The
document's MUSTs are the most important part and are a complete list of
what the IETF process has yielded as the mandatory-to-implement
algorithms. But I don't see what the problem is with the document
containing SHOULDs or other levels of implementation advice and hints as
to how that advice might change.

@@@ While the sentence you quote above is obviously true, that sentence
does not deny that there are recommendations other than
mandatory-to-implement in the document. Does every sentence in a
document have to include every nuance from all of the rest of the
material in a document?

Thanks,
Vishwas

@@@ Thanks,
@@@ Donald
 =========================================================
 Donald E. Eastlake III       Donald.Eastlake@Motorola.com
 Motorola Laboratories               1-508-786-7554 (work)
 111 Locke Drive                     1-508-634-2066 (home)
 Marlboro, MA 01752
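The point the thread turns on is which ESP service combinations an implementation must offer, and whether a NULL authentication algorithm therefore has to be a MUST. The following Python is an added example, not code from the thread or from either draft: it checks an ESP SA proposal against the three service combinations quoted above from draft-ietf-ipsec-esp-v3 and against the two algorithm entries the thread mentions ("MUST NULL" for authentication, "SHOULD+ AES-CBC with 128-bit keys"). The proposal class, the algorithm names such as HMAC-SHA1-96, and the "unlisted" verdict for entries the page does not quote are assumptions made for illustration; the example does not reproduce the draft's full algorithm table.

```python
"""Check an ESP SA proposal against the service and algorithm requirement
levels quoted in the ipsec list thread (added example, not the drafts' text).

Service combinations and their levels, as quoted from draft-ietf-ipsec-esp-v3:
  - confidentiality-only           MAY be supported
  - integrity-only                 MUST be supported
  - confidentiality and integrity  MUST be supported
The fourth combination (NULL cipher with NULL integrity) provides no
security service at all and is rejected outright.
"""
from dataclasses import dataclass
from typing import Dict, Optional

NULL = "NULL"

# Requirement level for each ESP service combination (quoted in the thread).
SERVICE_LEVEL = {
    "confidentiality-only": "MAY",
    "integrity-only": "MUST",
    "confidentiality-and-integrity": "MUST",
}

# Per-algorithm advice levels. Only the two entries actually mentioned in the
# thread are encoded; everything else is reported as "unlisted" rather than
# guessed from memory of the draft's table.
ALGORITHM_LEVEL = {
    ("integrity", NULL, None): "MUST",        # "MUST NULL" (NULL authentication)
    ("cipher", "AES-CBC", 128): "SHOULD+",    # "SHOULD+ AES-CBC with 128-bit keys"
}


@dataclass(frozen=True)
class EspProposal:
    """One ESP transform proposal (assumed shape for this example)."""
    cipher: str              # e.g. "AES-CBC" or NULL
    key_bits: Optional[int]  # None for the NULL cipher
    integrity: str           # e.g. "HMAC-SHA1-96" (constructed name) or NULL


def service_mode(p: EspProposal) -> str:
    """Classify which of the ESP service combinations the proposal selects."""
    if p.cipher == NULL and p.integrity == NULL:
        return "none"
    if p.integrity == NULL:
        return "confidentiality-only"
    if p.cipher == NULL:
        return "integrity-only"
    return "confidentiality-and-integrity"


def check_proposal(p: EspProposal) -> Dict[str, object]:
    """Return a verdict dict: accepted flag, service mode and level,
    per-algorithm advice levels, and warnings a reviewer should see."""
    result: Dict[str, object] = {
        "accepted": False,
        "mode": service_mode(p),
        "service_level": None,
        "algorithm_levels": {},
        "warnings": [],
    }
    warnings = result["warnings"]
    if result["mode"] == "none":
        warnings.append("NULL cipher with NULL integrity provides no service; rejected")
        return result

    result["service_level"] = SERVICE_LEVEL[result["mode"]]
    if result["mode"] == "confidentiality-only":
        # This is exactly the mode the thread argues should not be a MUST:
        # encryption with no integrity check. Surface it for review.
        warnings.append("encryption without integrity protection: the ESP draft "
                        "does not require this service; flag for review")

    levels = result["algorithm_levels"]
    levels["cipher"] = ALGORITHM_LEVEL.get(("cipher", p.cipher, p.key_bits), "unlisted")
    levels["integrity"] = ALGORITHM_LEVEL.get(("integrity", p.integrity, None), "unlisted")
    result["accepted"] = True
    return result


if __name__ == "__main__":
    # Constructed sample proposals covering every service combination.
    samples = [
        EspProposal("AES-CBC", 128, "HMAC-SHA1-96"),  # confidentiality and integrity
        EspProposal("AES-CBC", 128, NULL),            # confidentiality-only
        EspProposal(NULL, None, "HMAC-SHA1-96"),      # integrity-only
        EspProposal(NULL, None, NULL),                # no service: rejected
        EspProposal("AES-CBC", 256, "HMAC-SHA1-96"),  # key size not quoted on the page
    ]
    for s in samples:
        print(s, "->", check_proposal(s))
```

A proposal that lands in confidentiality-only mode is accepted by the checker (the draft says it MAY be supported) but carries a warning, which is the practical reading of the thread: the mode is permitted, not required, so a policy reviewer should decide whether to allow it rather than have the checker silently pass it.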