[Ipsec] Protocol Action: 'IKE and IKEv2 Authentication Using ECDSA' to Proposed Standard

Tero Kivinen <kivinen@iki.fi> Tue, 08 August 2006 12:27 UTC

To: The IESG <iesg-secretary@ietf.org>
Cc: IPsec WG <ipsec@ietf.org>

The IESG writes:
> The IESG has approved the following document:
> 
> - 'IKE and IKEv2 Authentication Using ECDSA '
>     <draft-ietf-ipsec-ike-auth-ecdsa-06.txt> as a Proposed Standard
> 
> Note to IANA
> 
>    The registry is http://www.iana.org/assignments/ipsec-registry [IANA-IKE],
>    and the section within the registry is "IPSEC Authentication Methods".
>    The three new additions are:
> 
>       Method                                        Value
>       ------                                        -----
>       ECDSA with SHA-256 on the P-256 curve           9
>       ECDSA with SHA-384 on the P-384 curve          10
>       ECDSA with SHA-521 on the P-512 curve          11
> 
>    The registry is http://www.iana.org/assignments/ikev2-parameters
>    [IANA-IKEv2], and the section within the registry is "IKEv2
>    Authentication Method".  The three new additions are:
> 
>       Method                                        Value
>       ------                                        -----
>       ECDSA with SHA-256 on the P-256 curve           9
>       ECDSA with SHA-384 on the P-384 curve          10
>       ECDSA with SHA-521 on the P-512 curve          11

As the currently allocated numbers in the IKEv2-parameters for the
"IKEv2 Authentication Method" are completely different than IKEv1, and
the first unallocated number in that registry is 4, I think it would
be much better to simply take the next available numbers (i.e. 4, 5, and
6) instead of the proposed numbers, which would leave a gap of 4-8 in
the registry. This also affects the hex encoded packet examples in
section 8.
-- 
kivinen@safenet-inc.com
