Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts

Yoav Nir <> Tue, 25 February 2014 20:27 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id F02BE1A07A9 for <>; Tue, 25 Feb 2014 12:27:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id DX6972h8p_Ow for <>; Tue, 25 Feb 2014 12:27:12 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c03::243]) by (Postfix) with ESMTP id 398E21A0789 for <>; Tue, 25 Feb 2014 12:27:12 -0800 (PST)
Received: by with SMTP id q58so244358wes.6 for <>; Tue, 25 Feb 2014 12:27:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=34ZPo/wUjpLfNXhgy95ZsWacLPpZB+Y9sp3OLuMhHZc=; b=j1xM2PIQ+xTB6pqfydalGMFWuZQ2xwKeOlOGWqSStHg1+2CMaenME13glNgzSgd4SQ wn3H28jeAMtDD2ouCKl41fYwMfZJ0JzgtJnfIXV5cyMo3m9BKoamcWRXFXiz+cLuJGC9 apwm4vT1R60eh+vWcUny9dOfZ0nHGYO+WIN6XqUZD1k+b/TZ+2SkjkskUlYHDhf8i4qf t5xe2Smr8S/bXwRD2diem1w8R6K6ctOeG35pztdCYuGI6VFq/XbX1y+KMpsg/q0cw3bh y7XJIXGvwNrT+AA21ua3+zhYYtNkx01PcOU+a1IChzjQQqqywFyZIxUIo+CCzYqMUQCo HEbA==
X-Received: by with SMTP id em16mr1736390wid.3.1393360030844; Tue, 25 Feb 2014 12:27:10 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id jd2sm3337609wic.9.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 25 Feb 2014 12:27:10 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_184D298D-AEE5-4545-85FC-CD9FEA5E372B"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Yoav Nir <>
In-Reply-To: <>
Date: Tue, 25 Feb 2014 22:27:07 +0200
Message-Id: <>
References: <>
To: Yaron Sheffer <>
X-Mailer: Apple Mail (2.1827)
Cc: ipsec <>
Subject: Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Feb 2014 20:28:45 -0000


I think this document is ready. 

A quick glance at the tables in section two lead me to ask some questions:
Why is DES singled out, while things like HMAC-MD5 are not discouraged?
Why is there no algorithm diversity?
Why is HMAC-SHA-256 not there?

However, reading section 4 answered all of those questions, so I think it’s clear. The only nit I can find is that “+” means “in the future this will be more encouraged”, and “-“ means “in the future this will be less encouraged, except for “SHOULD NOT+”. It might be more consistent if that was called “SHOULD NOT-“. But that is nit-picking, as the text does explain what that means. 


On Feb 25, 2014, at 8:48 PM, Yaron Sheffer <> wrote:

> Hi, this is to start a 2-week working group last call on the revised Algorithm Implementation Requirements document, ending March 11. The draft is at: We should have last called the draft a while ago, and I apologize for the delay.
> The changes from the existing requirements are listed in Sec. 2.5 of the draft, but most of this (rather short) document is new and describes the rationale for the choice of algorithms and requirement levels.
> Please read this draft and send any comments to the WG mailing list, even if the comments are "I see no problems". Comments such as "I do not understand this part" or "this part could be explained better in this way" are particularly useful at this point.
> Thanks,
>    Yaron
> _______________________________________________
> IPsec mailing list