At 8:06 PM +0200 1/23/10, Yaron Sheffer wrote:
>> Further, is there a good reason for you to have not included an ESN
>> transform on Proposal #1? Section 3.3 says "The number of different
>> transforms is generally determined by the Protocol. ... ESP generally
>> has three: ESN, an encryption algorithm and an integrity check
>> algorithm."
> According to 3.3.3, ESN is mandatory for ESP and AH. So I should have included
> it.

Good.

>> Ditto for Proposal #2: is there a good reason for you to not have
>> included an INTEG transform?
> I was trying to illustrate a combined mode algorithm. May have got it wrong...

That would be INTEG = NULL.

>> This begs the related question: given that there is no MUST or should
>> for what goes into a Proposal, what does an ESP proposal that only has
>> an ENCR and INTEG in it mean with respect to what is being proposed for
>> ESN? What does an ESP proposal that has only an ENCR and ESN in it mean
>> with respect to what is being proposed for INTEG? I see no MUSTs or
>> SHOULDs answering this.
> 3.3.3 says ESN is mandatory. Which means if it is omitted, the recipient will
> reject the proposal.

As I said, I don't see any MUST or SHOULD for that. It would be better if this was stated. A possible addition to 3.3.3 would be "A proposal that does not contain all of the mandatory transforms is malformed and MUST be rejected".

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
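The rule Paul proposes for 3.3.3, written out as a check a responder could run on each Proposal before choosing one. This is an added example, not code from the thread or from any IKEv2 implementation; the mandatory/optional table (beyond ESN being mandatory for ESP and AH, which the thread states), the numeric transform-type, protocol-ID and transform-ID values, and the helper names are assumptions of this example and should be checked against the draft revision being implemented.

```python
# Added example (not from the thread or from any IKEv2 implementation):
# applies the rule "a proposal that does not contain all of the mandatory
# transforms is malformed and MUST be rejected" to the transform list of
# one Proposal substructure.

# Transform types and protocol IDs as numbered in the IKEv2 Transform and
# Proposal substructures (assumed values).
ENCR, PRF, INTEG, DH, ESN = 1, 2, 3, 4, 5
PROTO_IKE, PROTO_AH, PROTO_ESP = 1, 2, 3

# Integrity transform ID 0 is "NONE", the INTEG = NULL case from the thread.
INTEG_NONE = 0

# ASSUMPTION: which transform types are mandatory/optional per protocol.
# ESN mandatory for ESP and AH is what the thread says 3.3.3 states; the
# remaining rows follow the IKEv2bis 3.3.3 table as recalled here, so verify
# them against the draft revision you implement.
MANDATORY = {
    PROTO_IKE: frozenset({ENCR, PRF, INTEG, DH}),
    PROTO_AH:  frozenset({INTEG, ESN}),
    PROTO_ESP: frozenset({ENCR, ESN}),
}
OPTIONAL = {
    PROTO_IKE: frozenset(),
    PROTO_AH:  frozenset({DH}),
    PROTO_ESP: frozenset({INTEG, DH}),
}


class MalformedProposal(ValueError):
    """Raised when a Proposal must be rejected under the proposed rule."""


def validate_proposal(protocol, transforms):
    """Check one Proposal substructure.

    transforms is a list of (transform_type, transform_id) pairs, one per
    Transform substructure. Returns the frozenset of transform types present;
    raises MalformedProposal when a mandatory type is missing or a type the
    protocol does not use is present.
    """
    if protocol not in MANDATORY:
        raise MalformedProposal(f"unknown protocol ID {protocol}")
    present = frozenset(ttype for ttype, _ in transforms)
    missing = MANDATORY[protocol] - present
    if missing:
        raise MalformedProposal(
            f"protocol {protocol}: missing mandatory transform types {sorted(missing)}")
    foreign = present - MANDATORY[protocol] - OPTIONAL[protocol]
    if foreign:
        raise MalformedProposal(
            f"protocol {protocol}: transform types {sorted(foreign)} not used by this protocol")
    return present


def proposal_is_acceptable(protocol, transforms):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_proposal(protocol, transforms)
    except MalformedProposal:
        return False
    return True


def esp_uses_combined_mode(transforms):
    """For an ESP proposal that passed validate_proposal: True when integrity
    comes from the cipher itself, i.e. no INTEG transform is offered or every
    INTEG transform offered is NONE (the "INTEG = NULL" reading in the thread)."""
    integ_ids = [tid for ttype, tid in transforms if ttype == INTEG]
    return all(tid == INTEG_NONE for tid in integ_ids)


if __name__ == "__main__":
    # Constructed sample proposals mirroring the two cases Yaron asks about.
    # Transform IDs used: 12 = ENCR_AES_CBC, 20 = ENCR_AES_GCM_16,
    # 2 = AUTH_HMAC_SHA1_96; ESN IDs: 0 = no ESN, 1 = ESN.
    encr_integ_only = [(ENCR, 12), (INTEG, 2)]          # no ESN transform
    encr_esn_only = [(ENCR, 20), (ESN, 0), (ESN, 1)]    # combined mode, no INTEG
    for label, prop in (("ESP ENCR+INTEG", encr_integ_only),
                        ("ESP ENCR+ESN", encr_esn_only)):
        verdict = "accepted" if proposal_is_acceptable(PROTO_ESP, prop) else "rejected"
        print(label, verdict)
```

Under this rule the first of Yaron's two cases (ENCR and INTEG, no ESN) is rejected outright, while the second (ENCR and ESN, no INTEG) is accepted and read as a combined-mode offer, which is the INTEG = NULL interpretation above; the table is the only thing a reader needs to adjust if the draft's mandatory set changes.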