[IPsec] draft-kato-ipsec-camellia-gcm-02 remaining editorials
Alfred Hönes <ah@TR-Sys.de> Tue, 20 October 2009 23:08 UTC
Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9CB453A690E for <ipsec@core3.amsl.com>; Tue, 20 Oct 2009 16:08:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.23
X-Spam-Level: **
X-Spam-Status: No, score=2.23 tagged_above=-999 required=5 tests=[AWL=0.979, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xmf65Bu0l8+F for <ipsec@core3.amsl.com>; Tue, 20 Oct 2009 16:08:10 -0700 (PDT)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id 271DA3A681A for <ipsec@ietf.org>; Tue, 20 Oct 2009 16:08:07 -0700 (PDT)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA268150045; Wed, 21 Oct 2009 01:07:25 +0200
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id BAA11677; Wed, 21 Oct 2009 01:07:18 +0200 (MESZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200910202307.BAA11677@TR-Sys.de>
To: kato.akihiro@po.ntts.co.jp, kanno.satoru@po.ntts.co.jp, kanda@isl.ntt.co.jp
Date: Wed, 21 Oct 2009 01:07:17 +0200
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 8bit
Cc: ipsec@ietf.org
Subject: [IPsec] draft-kato-ipsec-camellia-gcm-02 remaining editorials
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Oct 2009 23:08:11 -0000
Hello once more,
to complete my follow-up work for your Camellia related I-Ds,
I also have addressed draft-kato-ipsec-camellia-gcm-02.
Generally, the spirit of the reasoning is the same as in my recent
editorial reviews for the sibling Camellia I-Ds. Therefore, I now
use a more terse style. (Please feel free to ask back if it turns
out that I'm not clear enough.)
(1) Document Title
Since Camellia-GCM as specified in the draft (and btw any instance
of GCM in general) withing IPsec only applies to ESP (not to AH)
and you do not specify IKEv2-internal use of Camellia-GCM, I suggest
to clarify and amend the document title accordingly. Beyond that,
"Modes of Operation" and "Modes" are synonym, which allows to simplify
the headline. Altogether, I suggest to modify the title as follows:
The Use of Galois/Counter Mode (GCM) Modes of Operation for Camellia and
Its Use With IPsec
---
| The Use of Galois/Counter Mode (GCM) for the Camellia Block Cipher
| With IPsec ESP
(2) Section 1
(2a) 1st para -- punctuation
The commas are not neded:
This document describes the use of the Camellia block cipher
| algorithm in GCM Mode (Camellia-GCM) , as an IPsec ESP mechanism to
| provide confidentiality, and data origin authentication. We refer to
this method as Camellia-GCM-ESP.
---
This document describes the use of the Camellia block cipher
| algorithm in GCM Mode (Camellia-GCM) as an IPsec ESP mechanism to
| provide confidentiality and data origin authentication. We refer to
this method as Camellia-GCM-ESP.
(2b) 2nd para
<< same as for the sibling drafts! >>
(2c) 3rd para
I suggest to insert "encryption" for clarity and as a counterpart
to "authentication":
| GCM mode provides Counter mode (CTR) with data origin authentication.
This document does not cover implementation details of GCM. Those
details can be found in [1].
--- vvvvvvvvvvvv
| GCM mode provides Counter mode (CTR) encryption with data origin
authentication. This document does not cover implementation details
of GCM. Those details can be found in [1].
(3) Section 2 -- grammar
Camellia-GCM comply with [2] on following points:
--- vvv vvvvvv
Camellia-GCM complies with [2] in the following points:
And I would add to the end of this section a short description of
what makes the difference (after all these similarities) :
|
| The only difference is the use of the Camellia block cipher primitive
| instead of the AES block cipher primitive.
(4) Section 3 -- punctuation
The first commas is not neded:
This section describes the conventions used to generate keying
| material and salt values, for use with Camellia-GCM-ESP, using the
Internet Key Exchange (IKE) [4] protocol. [...]
---
This section describes the conventions used to generate keying
| material and salt values for use with Camellia-GCM-ESP, using the
Internet Key Exchange (IKE) [4] protocol. [...]
(5) Sections 3.2 and 3.3 -- IKE Terminology
The draft uses terminology from the old IKE (v1) : "Phase 1" and
"Phase 2".
Since you only address IKEv2 [4], that's confusing, and it would
be better to switch to IKEv2-specific terms: "Initial Exchange",
"CREATE_CHILD_SA Exchange", and "INFORMATIONAL Exchange".
(6) Section 4
The abbreviation "TV" for "Test Vector" is not used anywhere else
in the draft and hence "(TV)" should be deleted from the first
text line in Section 4.
(7) Section 5, 1st paragraph
Please consult my suggestions for the sibling drafts for possible
similar textual improvements.
(8) Section 6
For added precision, I recommend to indicate *which* IANA registry
shall be updated and in which sub-registry the assignment shall
be performed, using the words from the registry file as a precise
guide to IANA and prospective readers of your future RFC:
| IANA has assigned three ESP Transform Identifiers for Camellia-GCM
| with an eight-byte explicit IV:
---
| IANA has assigned three Transform Type 1 (Encryption Algorithm)
| Identifiers for Camellia-GCM with an eight-byte explicit IV in the
| "IKEv2 Parameters" registry:
Because of anecdotal evidence of previous trouble, the table should
perhaps be amended to show precisely the entries for these transforms
you would like to see registered:
| <TBD1> for Camellia-GCM with an 8 octet ICV;
| <TBD2> for Camellia-GCM with a 12 octet ICV; and
| <TBD3> for Camellia-GCM with a 16 octet ICV.
---
| Number Name Reference
| -------- --------------------------------------- -----------
| <TBD1> Camellia-GCM with an 8 octet ICV [RFCxxxx]
| <TBD2> Camellia-GCM with a 12 octet ICV [RFCxxxx]
| <TBD3> Camellia-GCM with a 16 octet ICV [RFCxxxx]
|
| [[ IANA and RFC Editor: please substitute the RFC number assigned
| to this document for 'xxxx' above. ]]
BTW, IPSECME folks:
I would appreciate if IANA could fix the current entry in the above
registry for AES-GCM-8 _without_ consuming additional cycles of
the IESG, when touching this registry for the memo under review:
18 AES-GCM with a 8 octet ICV [RFC4106]
--- v
18 AES-GCM with an 8 octet ICV [RFC4106]
:-)
Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de |
+------------------------+--------------------------------------------+
- [IPsec] draft-kato-ipsec-camellia-gcm-02 remainin… Alfred Hönes