Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts

"Valery Smyslov" <svanru@gmail.com> Mon, 03 March 2014 12:02 UTC

Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CB9D1A0060 for <ipsec@ietfa.amsl.com>; Mon, 3 Mar 2014 04:02:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.6
X-Spam-Level:
X-Spam-Status: No, score=-0.6 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nw9poeOgxn1E for <ipsec@ietfa.amsl.com>; Mon, 3 Mar 2014 04:02:49 -0800 (PST)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 39AD11A0051 for <ipsec@ietf.org>; Mon, 3 Mar 2014 04:02:49 -0800 (PST)
Received: by mail-la0-f52.google.com with SMTP id ec20so3739189lab.39 for <ipsec@ietf.org>; Mon, 03 Mar 2014 04:02:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:from:to:references:subject:date:mime-version :content-type:content-transfer-encoding; bh=csm0H9Gpsbj4oVR0bqKz0WO2ovwXUR6R3SNhoQ4gvKo=; b=wazSeW6dm5A68gwg3oUykE8b3fUVqdyFyU4/CoJ9iSpH39HLCJWR7+F63LwIio722t gxQdE+ASQgPHVJTDg/wTGElJmHwiIAfsMRX8Bb0+D2oT7Do3WwHmbLQmP4awy/fWLvxR 6+bOZv97ZUA7nX/k1BTRNBhC+AcK5rhgouDb0S1PUFDq+fUfrslfHguaXcCkD48MkVUS UpsHmnySyR/SN+oZhm7q8wkBfXt9p9RtepYIuV+uvWCxSGcQLiF6RNu0/26xnQQXe6x7 6PYUiviKcHyE0IQDEUzJTTUBxCQfj5P9B0j2J1yiUbgq7Kn8hUvsaKRVPhOO4AtJcP5w tOmA==
X-Received: by 10.152.242.165 with SMTP id wr5mr2012438lac.47.1393848165617; Mon, 03 Mar 2014 04:02:45 -0800 (PST)
Received: from buildpc ([93.188.44.200]) by mx.google.com with ESMTPSA id q6sm29678406lal.3.2014.03.03.04.02.44 for <multiple recipients> (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 03 Mar 2014 04:02:44 -0800 (PST)
Message-ID: <9618756DDA9C407AB0DC06AC207FD394@buildpc>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Yaron Sheffer" <yaronf.ietf@gmail.com>, "ipsec" <ipsec@ietf.org>
References: <530CE583.6030801@gmail.com>
Date: Mon, 3 Mar 2014 16:02:57 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/wmlo7kKBKUkIUYgkMIEwxiy6CZU
Subject: Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 12:02:51 -0000

Hi,

I have mostly no problem with the document.

However I have one small concern.

The draft lists the following trasforms based on AES cipher:

AES-GCM
AES-CCM
AES-CTR
AES-128-CBC
AES-GMAC
AES-XCBC-MAC-96

All these transforms, except for AES-XCBC-MAC-96,
allows to be used with different key lengths - 128, 192 and 256 bits.
It looks strange to me that, unlike the others, AES-128-CBC
has key length explicitely specified in the draft. Why it differs in
this respect from the others? What about AES-192-CBC and
AES-256-CBC - are they also "MUST" or "MAY"? Or even "MUST NOT"? :-)

I think the draft should either:
- remove explicit key length from AES-128-CBC and make it just AES-CBC
- add explicit key length to all other AES-based transforms (except for 
AES-XCBC-MAC-96)
- leave things as is, but explain why AES-CBC differs in this respect from 
the others

Regards,
Valery Smyslov.


----- Original Message ----- 
From: "Yaron Sheffer" <yaronf.ietf@gmail.com>
To: "ipsec" <ipsec@ietf.org>
Sent: Tuesday, February 25, 2014 10:48 PM
Subject: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts


> Hi, this is to start a 2-week working group last call on the revised 
> Algorithm Implementation Requirements document, ending March 11. The draft 
> is at: http://tools.ietf.org/html/draft-ietf-ipsecme-esp-ah-reqts-01. We 
> should have last called the draft a while ago, and I apologize for the 
> delay.
>
> The changes from the existing requirements are listed in Sec. 2.5 of the 
> draft, but most of this (rather short) document is new and describes the 
> rationale for the choice of algorithms and requirement levels.
>
> Please read this draft and send any comments to the WG mailing list, even 
> if the comments are "I see no problems". Comments such as "I do not 
> understand this part" or "this part could be explained better in this way" 
> are particularly useful at this point.
>
> Thanks,
>     Yaron
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec