Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

Alfred Hönes <ah@TR-Sys.de> Fri, 23 October 2009 11:44 UTC


Sean Shen wrote:

> Section 2.2 says that "AES MUST use different rounds for each of the
> key sizes: ...".
> The draft is not trying to say that IKEv2 requires 10/12/14 rounds for
> 128/192/256 key lengths. The draft is not trying to say that AES-CTR
> requires 10/12/14 rounds for 128/192/256 key lengths.
>
> Sean
>
> ...

The "MUST" still makes the difference!  That is normative and does
NOT belong in this draft.  Although that would still be regarded
as out of scope of your draft, I would be more willing to accept an
_informative_ statement like:

   "Note: AES uses different rounds for each of the key sizes: ...".
    ^^^^^^    ^^^^

But the most important topic remains:  The draft is ill-advised in
pretending that the interface of AES -- or, btw, *any* currently
sensibly used block cipher primitive of reasonable strength --
had an _external_ parameter "number of rounds" that upper protocol
(sub-)layers would need to have to deal with.
Otherwise, the "IKEv2 Transform Attribute Types" would have to
include an entry for "number of rounds", which it doesn't, and
you also do not aim at establishing such an entry.

For the sake of terminological precision and consistency with
existing specifications (and thus to avoid confusion), a draft about
the usage of a cryptographic primitive in IPsec/IKE should only
denote as "algorithm parameter" what indeed has to be expressed
as such in SA crypto-algorithm negotiations.


Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+
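
Added example, not part of the original message or of the draft under review: a sketch of the IKEv2 Transform substructure for ENCR_AES_CTR, showing that Key Length is the only attribute negotiated on the wire while the round count stays inside the cipher. The function names are hypothetical; the numeric values are the IANA IKEv2 registry assignments, and the byte layout follows the IKEv2 specification's Transform substructure.

```python
import struct

TRANSFORM_TYPE_ENCR = 1       # Transform Type 1: Encryption Algorithm
ENCR_AES_CTR = 13             # Transform ID assigned to AES-CTR
ATTR_KEY_LENGTH = 14          # Transform Attribute Type "Key Length"
AF_TV = 0x8000                # attribute-format bit: fixed 2-byte value (TV)

def build_encr_transform(transform_id, key_bits, last=True):
    """Encode one Transform substructure carrying a Key Length attribute."""
    attr = struct.pack("!HH", AF_TV | ATTR_KEY_LENGTH, key_bits)
    length = 8 + len(attr)    # 8-byte fixed header plus attributes
    return struct.pack("!BBHBBH", 0 if last else 3, 0, length,
                       TRANSFORM_TYPE_ENCR, 0, transform_id) + attr

def parse_transform(data):
    """Return (transform_type, transform_id, {attribute_type: value})."""
    if len(data) < 8:
        raise ValueError("truncated transform header")
    _more, _r1, length, ttype, _r2, tid = struct.unpack("!BBHBBH", data[:8])
    if length != len(data):
        raise ValueError("length field does not match substructure size")
    attrs, off = {}, 8
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated attribute")
        head, second = struct.unpack("!HH", data[off:off + 4])
        off += 4
        if head & AF_TV:      # TV format: second field is the value itself
            value = second
        else:                 # TLV format: second field is the value length
            if off + second > length:
                raise ValueError("attribute value overruns substructure")
            value = data[off:off + second]
            off += second
        attrs[head & 0x7FFF] = value
    return ttype, tid, attrs

def aes_rounds(key_bits):
    """Round count fixed by FIPS 197 (Nr = Nk + 6); never sent on the wire."""
    if key_bits not in (128, 192, 256):
        raise ValueError("AES key length must be 128, 192 or 256 bits")
    return key_bits // 32 + 6

if __name__ == "__main__":
    wire = build_encr_transform(ENCR_AES_CTR, 256)   # constructed sample
    print(wire.hex(), parse_transform(wire), aes_rounds(256))
```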