[Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-algorithms-00.txt
Tero Kivinen <kivinen@iki.fi> Tue, 05 October 2004 08:56 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04270 for <ipsec-archive@lists.ietf.org>; Tue, 5 Oct 2004 04:56:00 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CEl3P-0001in-1X; Tue, 05 Oct 2004 04:52:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CEl1V-0001Qf-26 for ipsec@megatron.ietf.org; Tue, 05 Oct 2004 04:50:19 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA03919 for <ipsec@ietf.org>; Tue, 5 Oct 2004 04:50:15 -0400 (EDT)
Received: from [83.145.195.1] (helo=mail.kivinen.iki.fi) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CElAk-0003oe-Ap for ipsec@ietf.org; Tue, 05 Oct 2004 04:59:51 -0400
Received: from fireball.kivinen.iki.fi (localhost [IPv6:::1]) by mail.kivinen.iki.fi (8.12.11/8.12.10) with ESMTP id i958o9th022716 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 5 Oct 2004 11:50:09 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.12.11/8.12.6/Submit) id i958o6U5022713; Tue, 5 Oct 2004 11:50:06 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <16738.24637.920951.642302@fireball.kivinen.iki.fi>
Date: Tue, 05 Oct 2004 11:50:05 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-algorithms-00.txt
In-Reply-To: <p06110486bd80ed90fe5c@[10.20.30.249]>
References: <p06110486bd80ed90fe5c@[10.20.30.249]>
X-Mailer: VM 7.17 under Emacs 21.3.1
X-Edit-Time: 12 min
X-Total-Time: 21 min
X-Spam-Score: 0.0 (/)
X-Scan-Signature: bb8f917bb6b8da28fc948aeffb74aa17
Content-Transfer-Encoding: 7bit
Cc: IPsec WG <ipsec@ietf.org>
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Content-Transfer-Encoding: 7bit
Paul Hoffman / VPNC writes: > Greetings again. We have talked for over five years about getting rid > of 56-bit DES in IKEv1. So, I have (belatedly) written a draft on > doing this at the same time as updating the other algorithm MUSTs and > SHOULDs. This is a personal draft, not a WG item, but it can be > discussed on this list before I turn it into the IESG as a personal > submission. > > Comments are appreciated. The document seems fine. Perhaps add reference to the NIST announcement of documenting the removal of DES or so might be good idea. Also adding "authentication via pre-shareed keys" to both sections 2 and 3 would be good, so all the requirements are there. Now that is the only one that is left out, as it is not changing. I would actually like to make AES a next MUST cipher, and I do not see problem that we refer new documents here. We are still updating RFC2409 aren't we? Anyways, this will update the ciphers used in the IKEv1 SA, but it does not change the ciphers used in the IPsec SAs. If you want to do that too, you need to update the RFC2407 too. RFC2407 current lists mandatory algorithms as AH with MD5, AH with SHA1, ESP with DES and HMAC-MD5, ESP with NULL cipher. The RFC2406 also lists mandatory algorithms for ESP, i.e it lists: DES in CBC mode, HMAC with MD5, HMAC with SHA-1, NULL authentication algorithm and NULL encryption algorithm. And the RFC2402 lists mandatory algorithms for AH, i.e. it lists; HMAC with MD5 and SHA-1. -- kivinen@safenet-inc.com _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-algor… Paul Hoffman / VPNC
- Re: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-a… Paul Hoffman / VPNC
- RE: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-a… Paul Hoffman / VPNC
- [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-algor… Tero Kivinen
- Re: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-a… Paul Hoffman / VPNC
- Re: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-a… Tero Kivinen
- Re: [Ipsec] Fwd: I-D ACTION:draft-hoffman-ikev1-a… Paul Hoffman / VPNC