[Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Tero Kivinen <kivinen@iki.fi> Fri, 14 October 2005 07:55 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQKPu-0006LV-SB; Fri, 14 Oct 2005 03:55:50 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQKPt-0006LQ-1G for ipsec@megatron.ietf.org; Fri, 14 Oct 2005 03:55:49 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA24213 for <ipsec@ietf.org>; Fri, 14 Oct 2005 03:55:43 -0400 (EDT)
Received: from fireball.acr.fi ([83.145.195.1] helo=mail.kivinen.iki.fi) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQKaX-0003IP-QG for ipsec@ietf.org; Fri, 14 Oct 2005 04:06:51 -0400
Received: from fireball.kivinen.iki.fi (localhost [IPv6:::1]) by mail.kivinen.iki.fi (8.13.4/8.12.10) with ESMTP id j9E7tiBZ018906 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 14 Oct 2005 10:55:44 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.13.4/8.12.11) id j9E7tisI012172; Fri, 14 Oct 2005 10:55:44 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <17231.25728.73236.324773@fireball.kivinen.iki.fi>
Date: Fri, 14 Oct 2005 10:55:44 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Pasi.Eronen@nokia.com
Subject: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
References: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com>
X-Mailer: VM 7.17 under Emacs 21.4.1
X-Edit-Time: 2 min
X-Total-Time: 2 min
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Content-Transfer-Encoding: 7bit
Cc: ipsec@ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Pasi.Eronen@nokia.com writes: > Yes, I think the intention was not to prohibit variable-length > keys with e.g. Blowfish. Here's proposed text for the clarifications > document: > > Section 3.3.5 says that "The only algorithms defined in this > document that accept attributes are the AES based encryption, > integrity, and pseudo-random functions, which require a single > attribute specifying key width." > > This is incorrect. The AES-based integrity and pseudo-random > functions defined in this document always use a 128-bit key. In > fact, there are currently no integrity or PRF algorithms that use > the key length attribute (and we recommend that they should not > be defined in the future either). > > For encryption algorithms, the situation is slightly more complex > since there are three different types of algorithms: > > o The key length attribute is never used with algorithms that > use a fixed length key, such as DES, 3DES and IDEA. > > o The key length attribute is always included for the currently > defined AES-based algorithms (CBC, CTR, CCM and GCM). Omitting > the key length attribute is not allowed; if the proposal does > not contain it, it has to be rejected. > > o For other algorithms, the key length attribute can be included > but is not mandatory. These algorithms include, e.g., RC5, CAST > and BLOWFISH. If the key length attribute is not included, the > default value specified in [RFC2451] is used. > > Does this look right to you? Looks perfect for me. -- kivinen@safenet-inc.com _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Key length attribute (was: Important chan… Pasi.Eronen
- Re: [Ipsec] Key length attribute (was: Important … Dan McDonald
- Re: [Ipsec] Key length attribute (was: Important … Paul Hoffman
- [Ipsec] Key length attribute (was: Important chan… Tero Kivinen
- RE: [Ipsec] Key length attribute (was: Important … Pasi.Eronen
- RE: [Ipsec] Key length attribute (was: Important … Tero Kivinen