Re: [IPsec] I-D Action:draft-ietf-ipsecme-aes-ctr-ikev2-00.txt

Mon, 27 Jul 2009 12:06:48 -0700 

Thanks for getting this draft out. Here's a few comments, in general I would
like to copy RFC 3686 as much as possible. Specifically, more of Sec. 2.1 of
that RFC needs to appear here.

2.1: All IKEv2 implementations *that implement AES-CTR* MUST support...
(after all, this is a SHOULD algorithm).

3.2: RFC 4306, sec. 3.14 says the integrity checksum is a MUST in this
payload. So there's no need to justify it. Also, instead of pointing out a
"likely choice", please refer the reader to RFC 4307.

4. The second paragraph is critical to understanding how the Encrypted
Payload is created. But it's extremely unclear: is this "counter block" put
explicitly into the payload? Where? In fact, why is the counter block
different from that defined by RFC 3686?

Block Counter: the sentence "The block counter field is the least
significant 32 bits of the counter block" is confusing. Why not just say
that the counter is 32 bits, and it's allowed to wrap around when it reaches
0xFFFF.

Thanks,
        Yaron

> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
> internet-dra...@ietf.org
> Sent: Monday, July 27, 2009 13:30
> To: i-d-annou...@ietf.org
> Cc: ipsec@ietf.org
> Subject: [IPsec] I-D Action:draft-ietf-ipsecme-aes-ctr-ikev2-00.txt
> 
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the IP Security Maintenance and Extensions
> Working Group of the IETF.
> 
> 
>       Title           : Using Advanced Encryption Standard (AES) Counter
> Mode with IKEv2
>       Author(s)       : S. Shen, et al.
>       Filename        : draft-ietf-ipsecme-aes-ctr-ikev2-00.txt
>       Pages           : 14
>       Date            : 2009-07-27
> 
> This document describes the usage of Advanced Encryption Standard
> Counter Mode (AES_CTR), with an explicit initialization vector, by
> IKEv2 for encrypting the IKEv2 exchanges that follow the IKE_SA_INIT
> exchange.
> 
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-
> 00.txt
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> Below is the data which will enable a MIME compliant mail reader
> implementation to automatically retrieve the ASCII version of the
> Internet-Draft.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to