Re: draft-ietf-ipsec-ciph-des-derived-00

"William Allen Simpson" <wsimpson@greendragon.com> Wed, 23 July 1997 12:14 UTC

Date: Wed, 23 Jul 1997 11:36:33 +0000
From: William Allen Simpson <wsimpson@greendragon.com>
Message-ID: <6311.wsimpson@greendragon.com>
To: Norman Shulman <norm@tor.securecomputing.com>
Cc: ipsec@tis.com
Subject: Re: draft-ietf-ipsec-ciph-des-derived-00

> From: Norman Shulman <norm@tor.securecomputing.com>
> Page 4, 4.2, paragraph 2: Suggest adding the following sentence (copied from
> 4.3): "Alternatively, the least significant bit of each key byte is ignored,
> or locally set to parity by the DES implementation."
>
No, the purpose of the parity in manual keying is to detect
configuration errors.  It SHOULD be required.

4.3 is for automated keying.  It MAY be required.

SHOULD and MAY have very specific meanings.


> Page 6, Pad Values, Range: Should be 1 to 255.
>
No, please read in context.  The value is the _configured_ maximum
amount of padding to generate and check.  Zero (0) means no checking.
For DES, when checking is enabled, the required value is 7, generating
and checking 0-7 bytes of padding.  More than 7 are allowed.  Therefore,
the configuration range is 7 to 255.

This section was designed to complement the text that the WG asked to be
added to the ESP draft.  I will check the ESP draft to ensure that it
includes the necessary explanation.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
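
The distinction drawn in the message above, as an added example that is not part of the original message or the draft: a manually configured DES key is rejected when a byte fails its parity check, which catches mistyped keys, while automated key material has the least significant bit of each byte set locally. The function names and sample keys are constructed for illustration; odd parity per key byte is the DES convention.

```python
def odd_parity_ok(byte):
    """True if the byte has an odd number of 1 bits (DES key-byte parity)."""
    return bin(byte).count("1") % 2 == 1


def bad_parity_bytes(key):
    """Indexes of key bytes whose parity bit does not match."""
    return [i for i, b in enumerate(key) if not odd_parity_ok(b)]


def set_odd_parity(key):
    """Overwrite the least significant bit of each byte to give odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        # LSB is 0 when the upper 7 bits already have odd weight, else 1.
        out.append(high7 | (0 if odd_parity_ok(high7) else 1))
    return bytes(out)


def load_manual_key(hex_key):
    """Manual keying: a parity failure signals a configuration error."""
    key = bytes.fromhex(hex_key)
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    bad = bad_parity_bytes(key)
    if bad:
        raise ValueError("parity error in key byte(s) %s" % bad)
    return key


def load_automated_key(material):
    """Automated keying: parity carries no information, so set it locally."""
    if len(material) != 8:
        raise ValueError("DES key must be 8 bytes")
    return set_odd_parity(material)


# Constructed sample values (hypothetical, for illustration only).
GOOD_KEY = "0123456789abcdef"   # every byte has odd parity
TYPO_KEY = "0123456799abcdef"   # operator typed 99 instead of 89

if __name__ == "__main__":
    print(load_manual_key(GOOD_KEY).hex())
    try:
        load_manual_key(TYPO_KEY)
    except ValueError as err:
        print("rejected:", err)
    print(load_automated_key(bytes.fromhex("0023456789abcdee")).hex())
```

A typo that flips an even number of bits within one byte passes the parity check, so the check detects many configuration errors but not all of them.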