[IPsec] Updated ESP/AH algorithm I-D

"Frankel, Sheila E." <sheila.frankel@nist.gov> Tue, 12 March 2013 14:03 UTC

Return-Path: <sheila.frankel@nist.gov>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 87CB221F8AF0 for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 07:03:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 0GfHQcdbGQbi for <ipsec@ietfa.amsl.com>; Tue, 12 Mar 2013 07:03:26 -0700 (PDT)
Received: from wsget1.nist.gov (wsget1.nist.gov []) by ietfa.amsl.com (Postfix) with ESMTP id D6F5A21F8AE3 for <ipsec@ietf.org>; Tue, 12 Mar 2013 07:03:25 -0700 (PDT)
Received: from WSXGHUB2.xchange.nist.gov ( by wsget1.nist.gov ( with Microsoft SMTP Server (TLS) id; Tue, 12 Mar 2013 10:02:48 -0400
Received: from MBCLUSTER.xchange.nist.gov ([fe80::d479:3188:aec0:cb66]) by WSXGHUB2.xchange.nist.gov ([]) with mapi; Tue, 12 Mar 2013 10:03:25 -0400
From: "Frankel, Sheila E." <sheila.frankel@nist.gov>
To: IPsecme WG <ipsec@ietf.org>
Date: Tue, 12 Mar 2013 10:01:52 -0400
Thread-Topic: Updated ESP/AH algorithm I-D
Thread-Index: AQHOHypcZWhf/6yZR0un+EanXx7lZA==
Message-ID: <D7A0423E5E193F40BE6E94126930C4930BFB6145E1@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Subject: [IPsec] Updated ESP/AH algorithm I-D
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 14:03:26 -0000

Hi David and Wajdi,

Your updated ESP/AH algorithm doc looks great, and is very much needed. I just have one comment. You speak of the 2 services provided by ESP and AH as confidentiality and "data origin authentication." As I'm sure you know, authentication is used in different ways by different communities. I believe that in most of the IPsec docs the 1st service is referred to interchangeably as encryption and confidentiality; the 2nd service is interchangeably referred to as authentication and integrity protection. However, in RFC 4303 (ESP) it states: "Data origin authentication and connectionless integrity are joint services, hereafter referred to jointly as "integrity"." In your doc, the integrity-protection aspect is not mentioned at all, and I believe that is a critical oversight.

Sheila Frankel