Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Sean Shen <sean.s.shen@gmail.com> Fri, 23 October 2009 14:06 UTC
Return-Path: <sean.s.shen@gmail.com>
X-Original-To: ipsec@core3.amsl.com
Delivered-To: ipsec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 77F733A6842 for <ipsec@core3.amsl.com>; Fri, 23 Oct 2009 07:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[AWL=0.196, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q+NI-7bjPPyS for <ipsec@core3.amsl.com>; Fri, 23 Oct 2009 07:06:35 -0700 (PDT)
Received: from mail-pw0-f50.google.com (mail-pw0-f50.google.com [209.85.160.50]) by core3.amsl.com (Postfix) with ESMTP id 933C33A683E for <ipsec@ietf.org>; Fri, 23 Oct 2009 07:06:35 -0700 (PDT)
Received: by pwi4 with SMTP id 4so2187942pwi.29 for <ipsec@ietf.org>; Fri, 23 Oct 2009 07:06:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=w/gUFjKHX6UwjLlpoHDfNz9pPDR84kmXgENKbIenN6w=; b=WidBmVKMycqQ1rRjkazWK3NPzX8IQ4fHScRNw6POt+4T1S955d/i5mmOOqfDul25oi f6+rMAKU8N/bTd0qOMM2JsxLeSDsvLyQRKULKcav11AUARtDekKiaOOzor+DrSymjShs Pgw5xAlS91mPr4ALjVlAeyGMFy8ilxhAPonx0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=POUiiBtmulzzDJhJXkNfPsiKtAhg4vrLzeuUIuQDEFiUuBP0gd4XDq7jcDdG0wmXzn A0xZKjtLv/RgoCnboDgno3HngiO111SltIG34RCbSakA/yZrixsndKC6noFLta0HB0a5 iad/1YS9Mtn8km7CMJ4zCdKJQES7A8wy2KtSM=
MIME-Version: 1.0
Received: by 10.115.86.7 with SMTP id o7mr16105239wal.50.1256306803667; Fri, 23 Oct 2009 07:06:43 -0700 (PDT)
In-Reply-To: <200910231305.PAA18127@TR-Sys.de>
References: <80b5a9190910230538h2a46e6e8i98235ea3529d45de@mail.gmail.com> <200910231305.PAA18127@TR-Sys.de>
Date: Fri, 23 Oct 2009 22:06:43 +0800
Message-ID: <80b5a9190910230706ta100ec1j7e52d6160c7960f1@mail.gmail.com>
From: Sean Shen <sean.s.shen@gmail.com>
To: Alfred HÎnes <ah@tr-sys.de>
Content-Type: multipart/alternative; boundary="0016e64b0448c2f39604769ab86e"
Cc: ipsec@ietf.org
Subject: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2009 14:06:36 -0000
2009/10/23 Alfred HÎnes <ah@tr-sys.de> > Sean Shen wrote: > > >> ... > >> > > [Sean] The IKEv2 requirement in the draft is only about key lengths. > > I never pretended that the AES standard allows arbitary conbinations > > of key lengths and rounds. > > I checked the document again and noticed that in the second paragraph > > of section 2: > > "... The choices of Key Size, Rounds and Block Size are defined as > > following which are compatible with [RFC3686]." > > That was one of my initial complaints ... > > > If this sentense misleads readers to think that users can choose all > > conbinations, I will rewrite it as: > > "... The choices of Key Size are defined as following which are > > compatible with [RFC3686]." > > ... and that's essentially what I had proposed for that paragraph. > > And yes, since that's written in the overview of Section 2, which > lays out the skeleton of the remainder of the section, the immediate > consequence of this change should be to drop sections 2.2 and 2.3 > as well, as explained in my original review. > (To recall: The argument presented there was that, after dropping > inappropriate text, the remaining text in 2.2 & 2.3 would be a > simple -- yet verbose -- restatement of the first paragraph of > Section 2, and hence redundant anyway.) [Sean] Section 2.2 introduces key length of AES, the associated rounds, IKEv2's MUST/MAY requirements of key length. Section 2.3 introduces block size. These are all basic intro of algorithm. The overview of section 2 can be: " The use of AES algorithm operations in IKEv2 is the same as what defined in [AES]. The use of Counter Mode is defined the same as how AES_CTR is used to encrypt ESP payload [RFC3686]. Basic descriptions of AES and CTR mode are given in this section. Also the requirement of Key Size of IKEv2 are discussed as following which are compatible with [RFC3686]." Best, Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Shen Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Tero Kivinen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Shen Sean
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Paul Koning
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Tero Kivinen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Sean Shen
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes
- Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-… Alfred Hönes