IPSEC DOI V8

"Derrell D. Piper" <ddp@network-alchemy.com> Fri, 13 March 1998 20:11 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA11722 for ipsec-outgoing; Fri, 13 Mar 1998 15:11:05 -0500 (EST)
Message-Id: <199803132021.PAA12657@relay.hq.tis.com>
To: ipsec@tis.com
Subject: IPSEC DOI V8
Date: Fri, 13 Mar 1998 12:23:55 -0800
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Folks,

Here's a summary of the changes to the IPSEC DOI.

Section 2

  - added reference to base IPSEC documents (ARCH, AH, ESP)

Section 4.3.1

  - removed reference to the PF_KEY ID (not in Last Call)

Section 4.4.1.4

  - corrected name of IPCOMP - IP Payload Compression

Section 4.4.3, Section 4.4.4

  - added note about the required use of the Authentication 
    Algorithm attribute with AH and ESP

Section 4.4.3.n

  - added restriction against using conflicting AH transform 
    ID's and Authentication Algorithm attribute values, e.g.
    trying for AH_MD5 with Auth(HMAC-SHA)

Section 4.4.4

  - restored RESERVED as ESP ID 0 (Rob Glenn)
  - moved ESP_NULL to ESP ID 11
  - removed reference to the ARCFOUR ID (not in Last Call)
  - added reference to ESP NULL cipher document

Section 4.4.4.n, References

  - removed obsolete cipher document references and replaced
    them with pointers to The One True CBC Cipher Document (tm)

Section 4.5

  - replaced "B/V" notation with "V" to mirror change to [IKE]
  - add additional clarifying text about B/V substitutions

Section 4.6.1, Figure 1

  - added missing Secrecy Level and Integrity Level fields
    to text description under figure

Section 4.6.3

  - removed bogus claim that aggressive mode protects Notify's
  - add security note about using Notify payloads in Main Mode

References

  - updated various document version numbers
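
Added example (not part of the original message or of the DOI draft): a receiver-side check for the Section 4.4.3 and 4.4.3.n changes listed above, rejecting an AH transform that arrives without an Authentication Algorithm attribute or with a conflicting one. The numeric IDs and the compatibility table are taken from RFC 2407, the published form of this DOI; the function name and the already-parsed attribute dict are hypothetical.

```python
# Added example. Values below are from RFC 2407 (published IPSEC DOI),
# not from the V8 change summary itself.
AH_TRANSFORMS = {2: "AH_MD5", 3: "AH_SHA", 4: "AH_DES"}          # 0-1 are RESERVED
AUTH_ALGS = {1: "HMAC-MD5", 2: "HMAC-SHA", 3: "DES-MAC", 4: "KPDK"}
AUTH_ALG_ATTR = 5  # IPSEC SA attribute type: Authentication Algorithm

# Which Authentication Algorithm values may accompany each AH transform ID.
COMPATIBLE = {
    "AH_MD5": {"HMAC-MD5", "KPDK"},
    "AH_SHA": {"HMAC-SHA"},
    "AH_DES": {"DES-MAC"},
}


def check_ah_transform(transform_id, attributes):
    """Validate one AH transform from a proposal.

    attributes: dict of SA attribute type -> value (hypothetical parsed form).
    Returns (ok, reason).
    """
    name = AH_TRANSFORMS.get(transform_id)
    if name is None:
        return False, f"unknown or reserved AH transform ID {transform_id}"
    # Section 4.4.3: the Authentication Algorithm attribute is required.
    if AUTH_ALG_ATTR not in attributes:
        return False, f"{name} offered without Authentication Algorithm attribute"
    auth = AUTH_ALGS.get(attributes[AUTH_ALG_ATTR])
    if auth is None:
        return False, f"unknown Authentication Algorithm {attributes[AUTH_ALG_ATTR]}"
    # Section 4.4.3.n: transform ID and attribute must not conflict.
    if auth not in COMPATIBLE[name]:
        return False, f"{name} conflicts with Auth({auth})"
    return True, f"{name} with Auth({auth})"


if __name__ == "__main__":
    # Constructed sample proposals: (transform ID, parsed attributes).
    samples = [
        (2, {5: 1}),   # AH_MD5 + HMAC-MD5
        (2, {5: 2}),   # AH_MD5 + HMAC-SHA, the conflict named in the summary
        (3, {}),       # AH_SHA with no Authentication Algorithm attribute
    ]
    for tid, attrs in samples:
        print(tid, attrs, check_ah_transform(tid, attrs))
```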