Re: AH/ESP drafts

Lewis McCarthy <lmccarth@cs.umass.edu> Fri, 13 March 1998 21:23 UTC

Message-ID: <3509A6CF.446B@cs.umass.edu>
Date: Fri, 13 Mar 1998 16:36:15 -0500
From: Lewis McCarthy <lmccarth@cs.umass.edu>
Organization: UMass-Amherst Theoretical Computer Science Group, <http://www.cs.umass.edu/~thtml/>
To: IP Security List <ipsec@tis.com>
Subject: Re: AH/ESP drafts
References: <199803131729.MAA06106@relay.rv.tis.com>

Karen Seo writes re: draft-...-esp-v2-04.txt:
> Section 5. Conformance Requirements
> 
>         Changed list of algorithms 
[...]
>         to:
>                 - DES in CBC mode [MD97]
>                 - HMAC with MD5 [MG97a]
>                 - HMAC with SHA-1 [MG97b]
>                 - NULL Authentication algorithm
>                 - NULL Encryption algorithm
> 
>         Added the text:
> 
>                 Since ESP encryption and authentication are optional,
>                 support for the 2 "NULL" algorithms is required to
>                 maintain consistency with the way these services are
>                 negotiated.  NOTE that while authentication and
>                 encryption can each be "NULL", they MUST NOT both be
>                 "NULL".

If we treat NULL-Auth and NULL-Encrypt as separate algorithms, do we
need draft-ietf-ipsec-ciph-null to define a NULL-Auth? 
Currently it explicitly gives a definition of an _encryption_ algorithm,
not an authentication algorithm. (Reading ESP Sec. 2.7 literally, we
would need to add specification of the ICV field length and "the 
comparison and processing steps for validation" to create a 
conformant auth algorithm spec :-)

-Lewis  <pseudonym@acm.org>
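
Added example (not part of the original message or of any draft): a sketch of what treating NULL authentication as its own algorithm entry involves, namely an ICV length and a validation step, next to the quoted "MUST NOT both be NULL" rule. The table layout, the function names, and the zero-length ICV for NULL are assumptions of this example; the 96-bit truncation is that of the HMAC-MD5-96 and HMAC-SHA-1-96 transforms.

```python
import hmac
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class AuthAlg:
    icv_len: int                              # ICV field length in bytes
    compute: Callable[[bytes, bytes], bytes]  # (key, authenticated data) -> ICV

def hmac96(digest: str) -> Callable[[bytes, bytes], bytes]:
    # HMAC truncated to 96 bits, as in the HMAC-MD5-96 / HMAC-SHA-1-96 transforms.
    return lambda key, data: hmac.new(key, data, digest).digest()[:12]

AUTH = {
    "HMAC-MD5": AuthAlg(12, hmac96("md5")),
    "HMAC-SHA-1": AuthAlg(12, hmac96("sha1")),
    # Assumption: NULL auth modelled as a zero-length ICV that always verifies.
    "NULL": AuthAlg(0, lambda key, data: b""),
}
ENCR = {"DES-CBC", "NULL"}

def select_auth(encr: str, auth: str) -> AuthAlg:
    """Apply the quoted conformance rule to a negotiated algorithm pair."""
    if encr not in ENCR or auth not in AUTH:
        raise ValueError(f"unsupported algorithm pair: {encr}/{auth}")
    if encr == "NULL" and auth == "NULL":
        raise ValueError("encryption and authentication MUST NOT both be NULL")
    return AUTH[auth]

def validate_icv(alg: AuthAlg, key: bytes, packet: bytes) -> bytes:
    """Split the trailing ICV off `packet`, verify it, return the covered bytes."""
    if len(packet) < alg.icv_len:
        raise ValueError("packet shorter than ICV field")
    split = len(packet) - alg.icv_len
    data, icv = packet[:split], packet[split:]
    if not hmac.compare_digest(alg.compute(key, data), icv):
        raise ValueError("ICV mismatch")
    return data

if __name__ == "__main__":
    key, body = b"k" * 20, b"constructed ESP header + payload"  # constructed sample
    sha = select_auth("DES-CBC", "HMAC-SHA-1")
    print(validate_icv(sha, key, body + sha.compute(key, body)) == body)
    print(validate_icv(select_auth("DES-CBC", "NULL"), b"", body) == body)
```

With the NULL entry the receiver runs the same split-and-compare path as for the HMAC transforms, so no special case is needed in packet processing; the only special case left is the negotiation-time rejection of NULL/NULL.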