[Ipsec] RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt
"Vishwas Manral" <Vishwas@sinett.com> Fri, 31 December 2004 06:36 UTC
Date: Thu, 30 Dec 2004 22:17:56 -0800
From: Vishwas Manral <Vishwas@sinett.com>
To: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
Cc: ipsec@ietf.org
Subject: [Ipsec] RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt

Hi Donald,

@@@ I think draft-ietf-ipsec-esp-v3-09 should be changed.

I don't agree the draft draft-ietf-ipsec-esp-v3-09 should be changed. The ESP document no longer requires the ESP only service to be there. As Steve said, we should have change to SHOULD or even a MAY (conforming to the ESP document). From the ESP document: -

"  - confidentiality-only (MAY be supported)
   - integrity-only (MUST be supported)
   - confidentiality and integrity (MUST be supported)"

@@@ I don't see why this document needs to list every algorithm/key-size mentioned in any other IETF document. If there is consensus for additional entries, I'd be happy to start a successor document.

I see no reason why we should not. Also if we do not want to keep (MAY's) in the document, you may have to remove (NULL AUTH) from the document altogether for ESP.

A very happy and fruitful new year to you!!

Thanks again,
Vishwas

-----Original Message-----
From: Eastlake III Donald-LDE008 [mailto:Donald.Eastlake@motorola.com]
Sent: Thursday, December 30, 2004 8:33 PM
To: Vishwas Manral
Cc: ipsec@ietf.org
Subject: RE: draft-ietf-ipsec-esp-ah-algorithms-02.txt

See below at @@@

-----Original Message-----
From: Vishwas Manral [mailto:Vishwas@sinett.com]
Sent: Thursday, December 30, 2004 1:14 AM
To: ipsec@ietf.org
Cc: Eastlake III Donald-LDE008
Subject: draft-ietf-ipsec-esp-ah-algorithms-02.txt

Hi Donald,

I have some minor comments: -

1. For ESP we state that "MUST NULL" (must support NULL authentication). However http://www.ietf.org/internet-drafts/draft-ietf-ipsec-esp-v3-09.txt very clearly seems to state "However, this standard does not require ESP implementations to offer an encryption-only service." We may want to change the MUST to SHOULD. Steve?

@@@ I think draft-ietf-ipsec-esp-v3-09 should be changed.

2. A more general comment, what about all the algorithms that are specified by IETF but not in the document or a different key size, e.g. "SHOULD+ AES-CBC with 128-bit keys" what about other key sizes.

I understand it is stated that: -
"To ensure interoperability between disparate implementations it is necessary to specify a set of mandatory-to-implement algorithms to ensure at least one algorithm that all implementations will have available."
however SHOULD's (I guess not mandatory) are specified.

@@@ I don't see why this document needs to list every algorithm/key-size mentioned in any other IETF document. If there is consensus for additional entries, I'd be happy to start a successor document. The document's MUSTs are the most important part and are a complete list of what the IETF process has yielded as the mandatory-to-implement algorithms. But I don't see what the problem is with the document containing SHOULDs or other levels of implementation advice and hints as to how that advice might change.

@@@ While the sentence you quote above is obviously true, that sentence does not deny that there are recommendations other than mandatory-to-implement in the document. Does every sentence in a document have to include every nuance from all of the rest of the material in a document?

Thanks,
Vishwas

@@@ Thanks,
@@@ Donald
=========================================================
 Donald E. Eastlake III          Donald.Eastlake@Motorola.com
 Motorola Laboratories           1-508-786-7554 (work)
 111 Locke Drive                 1-508-634-2066 (home)
 Marlboro, MA 01752