Re: [IPsec] #122: Integrity proposals with combined algorithms

Scott C Moonen <smoonen@us.ibm.com> Wed, 25 November 2009 17:47 UTC


> MUST either offer no integrity algorithm or a single integrity algorithm of "none", with no integrity algorithm being the preferred method

Sounds good, thanks,


Scott Moonen (smoonen@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen



From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Scott C Moonen/Raleigh/IBM@IBMUS
Cc: IPsecme WG <ipsec@ietf.org>, ipsec-bounces@ietf.org, Tero Kivinen <kivinen@iki.fi>
Date: 11/25/2009 12:29 PM
Subject: Re: [IPsec] #122: Integrity proposals with combined algorithms



At 11:34 AM -0500 11/25/09, Scott C Moonen wrote:
> > MUST either offer no integrity algorithm or a single integrity algorithm of "none"
>>
>> Does anyone have a problem with this new wording?
>
>I suggest we specify one or the other as the preferred approach. Maybe add an additional sentence saying SHOULD for no transform and MAY for transform=none?

I hate honing down that far: it confuses future developers. How about:

MUST either offer no integrity algorithm or a single integrity algorithm 
of "none", with no integrity algorithm being the preferred method

--Paul Hoffman, Director
--VPN Consortium
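
A proposal check for the wording agreed in this thread, as an added example that is not part of the original messages or of any IKEv2 implementation. The `(transform_type, transform_id)` tuple representation, the function name `check_proposal` and the sample proposals are assumptions made for illustration; the numeric values are those of the IANA IKEv2 parameters registry.

```python
# Transform types and IDs as assigned in the IANA IKEv2 parameters registry.
ENCR, PRF, INTEG, DH = 1, 2, 3, 4
AUTH_NONE = 0
# Combined-mode ciphers: AES-CCM (8/12/16 octet ICV) and AES-GCM (8/12/16).
COMBINED_MODE_ENCR = {14, 15, 16, 18, 19, 20}


def check_proposal(transforms):
    """Check one proposal against the rule discussed in the thread.

    transforms: list of (transform_type, transform_id) tuples (assumed
    representation). Returns (ok, form) where form names how the integrity
    transform was expressed.
    """
    encr = [tid for ttype, tid in transforms if ttype == ENCR]
    integ = [tid for ttype, tid in transforms if ttype == INTEG]

    if not any(tid in COMBINED_MODE_ENCR for tid in encr):
        return (True, "not-combined")        # rule does not apply
    if not integ:
        return (True, "omitted")             # preferred form: no transform
    if integ == [AUTH_NONE]:
        return (True, "explicit-none")       # allowed: single "none"
    # Anything else: a real integrity algorithm, or "none" listed next to one.
    return (False, "integrity-with-combined")


# Constructed sample proposals (not taken from any real exchange).
SAMPLES = {
    "gcm, integrity omitted": [(ENCR, 20), (PRF, 5), (DH, 14)],
    "gcm, integrity none": [(ENCR, 20), (INTEG, AUTH_NONE), (PRF, 5), (DH, 14)],
    "gcm, hmac-sha1-96": [(ENCR, 20), (INTEG, 2), (PRF, 5), (DH, 14)],
    "gcm, none + hmac-sha1-96": [(ENCR, 20), (INTEG, AUTH_NONE), (INTEG, 2)],
    "cbc, hmac-sha1-96": [(ENCR, 12), (INTEG, 2), (PRF, 2), (DH, 14)],
}

if __name__ == "__main__":
    for name, proposal in SAMPLES.items():
        ok, form = check_proposal(proposal)
        print(f"{name:28} {'accept' if ok else 'reject'} ({form})")
```

A receiver that wants to log which of the two permitted forms a peer uses can key on the second element of the returned tuple.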