Re: [IPsec] #122: Integrity proposals with combined algorithms

Scott C Moonen <smoonen@us.ibm.com> Wed, 25 November 2009 16:35 UTC

> MUST either offer no integrity algorithm or a single integrity algorithm of "none"
>
> Does anyone have a problem with this new wording?

I suggest we specify one or the other as the preferred approach. 
Maybe add an additional sentence saying SHOULD for no transform and MAY 
for transform=none?


Scott Moonen (smoonen@us.ibm.com)
z/OS Communications Server TCP/IP Development
http://www.linkedin.com/in/smoonen



From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Tero Kivinen <kivinen@iki.fi>
Cc: IPsecme WG <ipsec@ietf.org>
Date: 11/25/2009 11:31 AM
Subject: Re: [IPsec] #122: Integrity proposals with combined algorithms



At 3:04 PM +0200 11/25/09, Tero Kivinen wrote:
> > Are people OK with wording that says "MUST either offer an integrity
> > algorithm or a single integrity algorithm of 'none'"?
>
>If you add "no" somewhere there (i.e. MUST either offer no integrity
>algorithm...) then I can accept it.

Er, right.

MUST either offer no integrity algorithm or a single integrity algorithm 
of "none"

Does anyone have a problem with this new wording?

--Paul Hoffman, Director
--VPN Consortium
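
An added example, not part of the thread or of any participant's code: a checker that walks the Transform substructures of an IKEv2 proposal and classifies it against the wording under discussion (no integrity transform, or a single integrity transform of "none"). The function names are hypothetical; the transform type and ID numbers are taken from the IANA IKEv2 registry, and treating a proposal as combined-mode when any of its encryption transforms is combined-mode is an assumption of this sketch.

```python
import struct

ENCR, INTEG = 1, 3                          # IKEv2 transform type numbers
COMBINED_MODE = {14, 15, 16, 18, 19, 20}    # AES-CCM / AES-GCM encryption transform IDs
INTEG_NONE = 0                              # integrity transform ID "none"

def parse_transforms(buf):
    """Walk a run of IKEv2 Transform substructures; return (type, id) pairs."""
    pairs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated transform header")
        more, _, length, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, off)
        if more not in (0, 3) or length < 8 or off + length > len(buf):
            raise ValueError("malformed transform substructure")
        pairs.append((ttype, tid))
        off += length                       # skips any attributes (e.g. key length)
    return pairs

def integrity_form(buf):
    """Classify a proposal against the wording discussed in the thread."""
    pairs = parse_transforms(buf)
    encr = [tid for t, tid in pairs if t == ENCR]
    integ = [tid for t, tid in pairs if t == INTEG]
    if not any(tid in COMBINED_MODE for tid in encr):
        return "not-combined-mode"          # the rule does not apply
    if not integ:
        return "no-integrity-transform"     # first permitted form
    if integ == [INTEG_NONE]:
        return "single-none"                # second permitted form
    return "violation"                      # real integrity alg, or more than one

def transform(ttype, tid, last=False, keylen=None):
    """Build one constructed Transform substructure for the samples below."""
    attr = struct.pack("!HH", 0x800E, keylen) if keylen else b""  # Key Length attribute
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attr), ttype, 0, tid) + attr

# Constructed sample proposals (not captured traffic).
GCM_ONLY = transform(ENCR, 20, last=True, keylen=256)
GCM_NONE = transform(ENCR, 20, keylen=256) + transform(INTEG, 0, last=True)
GCM_HMAC = transform(ENCR, 20, keylen=256) + transform(INTEG, 2, last=True)
GCM_TWO = transform(ENCR, 20, keylen=256) + transform(INTEG, 0) + transform(INTEG, 2, last=True)
CBC_HMAC = transform(ENCR, 12, keylen=128) + transform(INTEG, 2, last=True)

if __name__ == "__main__":
    for name in ("GCM_ONLY", "GCM_NONE", "GCM_HMAC", "GCM_TWO", "CBC_HMAC"):
        print(name, integrity_form(globals()[name]))
```

Returning the two permitted forms as distinct values lets a receiver accept both while a sender-side lint reports which one an implementation emits.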