Re: [IPsec] Updated ESP/AH algorithm I-D
Stephen Kent <kent@bbn.com> Tue, 12 March 2013 15:09 UTC
Return-Path: <kent@bbn.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5796921F83E1 for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 08:09:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVE5o5zHxzDM for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 08:09:13 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 1CE5B21F89FB for <ipsec@ietf.org>; Tue, 12 Mar 2013 08:09:13 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15]:36011 helo=dhcp-1067.meeting.ietf.org) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1UFQpD-0005Cc-HD; Tue, 12 Mar 2013 11:09:11 -0400
Message-ID: <513F4516.8080905@bbn.com>
Date: Tue, 12 Mar 2013 11:09:10 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130307 Thunderbird/17.0.4
MIME-Version: 1.0
To: ipsec@ietf.org, sheila.frankel@nist.gov
References: <D7A0423E5E193F40BE6E94126930C4930BFB6145E1@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930BFB6145E1@MBCLUSTER.xchange.nist.gov>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [IPsec] Updated ESP/AH algorithm I-D
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 15:09:14 -0000
Sheila, I did a quick check of 4301, and it uses the term "confidentiality" consistently when referring to the service, and uses "encryption" to refer to the mechanism. They are not used interchangeably. The same seems to apply to use of terminology re data origin authentication, integrity, etc. Steve On 3/12/13 10:01 AM, Frankel, Sheila E. wrote: > Hi David and Wajdi, > > Your updated ESP/AH algorithm doc looks great, and is very much needed. I just have one comment. You speak of the 2 services provided by ESP and AH as confidentiality and "data origin authentication." As I'm sure you know, authentication is used in different ways by different communities. I believe that in most of the IPsec docs the 1st service is referred to interchangeably as encryption and confidentiality; the 2nd service is interchangeably referred to as authentication and integrity protection. However, in RFC 4303 (ESP) it states: "Data origin authentication and connectionless integrity are joint services, hereafter referred to jointly as "integrity"." In your doc, the integrity-protection aspect is not mentioned at all, and I believe that is a critical oversight. > > Sheila Frankel > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
- [IPsec] Updated ESP/AH algorithm I-D Frankel, Sheila E.
- Re: [IPsec] Updated ESP/AH algorithm I-D Stephen Kent
- Re: [IPsec] Updated ESP/AH algorithm I-D Frankel, Sheila E.
- Re: [IPsec] Updated ESP/AH algorithm I-D Stephen Kent
- Re: [IPsec] Updated ESP/AH algorithm I-D Frankel, Sheila E.
- Re: [IPsec] Updated ESP/AH algorithm I-D David McGrew (mcgrew)