Hi Paul,

Paul Hoffman writes:
> >> Ditto for Proposal #2: is there a good reason for you to not have
> >> included an INTEG transform?
> > I was trying to illustrate a combined mode algorithm. May have got it wrong...
>
> That would be INTEG = NULL.

Omitting it completely is also allowed (section 3.3.3):

   A proposal MAY omit the optional types if the only value for them it
   will accept is NONE.

Look also at section 2.7

   If an initiator proposes both normal ciphers with integrity
   protection as well as combined-mode ciphers, then two proposals are
   needed. One of the proposals includes the normal ciphers with the
   integrity algorithms for them, and the other proposal includes all
   the combined mode ciphers without the integrity algorithms (because
   combined mode ciphers are not allowed to have any integrity
   algorithm other than "none").

...ant at section 3.3:

   Combined-mode ciphers include both integrity and encryption in a
   single encryption algorithm, and MUST either offer no integrity
   algorithm or a single integrity algorithm of "none", with no
   integrity algorithm being the RECOMMENDED method.

Probably both cases (NONE and omitting) could be included in the diagram.

Regards,
Valery Smyslov.
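The rule quoted above, as an added example that is not part of the original message or of any IKEv2 implementation: a checker that parses Proposal substructures and flags a combined-mode cipher offered with an integrity algorithm other than "none", or mixed with normal ciphers in one proposal. The function names are hypothetical, the numeric transform IDs are taken from the IANA IKEv2 registry, and the sample bytes are constructed.

```python
import struct

ENCR, INTEG, INTEG_NONE = 1, 3, 0   # IKEv2 transform types 1 and 3; INTEG ID 0 = none
# Combined-mode ENCR IDs (IANA): AES-CCM 14-16, AES-GCM 18-20, ChaCha20-Poly1305 28
AEAD_IDS = {14, 15, 16, 18, 19, 20, 28}

def parse_proposals(buf):
    """Parse chained Proposal substructures into [(num, [(type, id), ...])]."""
    out, off, more = [], 0, 2                 # Last Substruc: 2 = more, 0 = last
    while more == 2:
        if off + 8 > len(buf):
            raise ValueError("truncated proposal")
        more, _, plen, num, _, spi, ntrans = struct.unpack_from("!BBHBBBB", buf, off)
        t_off, end, transforms = off + 8 + spi, off + plen, []
        if t_off > end or end > len(buf):
            raise ValueError("bad proposal length")
        for _ in range(ntrans):
            if t_off + 8 > end:
                raise ValueError("truncated transform")
            _, _, tlen, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, t_off)
            if tlen < 8 or t_off + tlen > end:
                raise ValueError("bad transform length")
            transforms.append((ttype, tid))   # attributes such as Key Length are skipped
            t_off += tlen
        out.append((num, transforms))
        off = end
    return out

def check_proposal(transforms):
    """Return violations of the combined-mode rule quoted in the message."""
    encr = {i for t, i in transforms if t == ENCR}
    integ = {i for t, i in transforms if t == INTEG} - {INTEG_NONE}
    aead, normal = encr & AEAD_IDS, encr - AEAD_IDS
    rules = [(aead and normal, "combined-mode and normal ciphers in one proposal"),
             (aead and integ, "combined-mode cipher with integrity other than none")]
    return [msg for broken, msg in rules if broken]

def build_transform(ttype, tid, more, keylen=None):
    attr = struct.pack("!HH", 0x800E, keylen) if keylen else b""   # Key Length (TV form)
    return struct.pack("!BBHBBH", 3 if more else 0, 0, 8 + len(attr), ttype, 0, tid) + attr

def build_proposal(num, specs, more):
    body = b"".join(build_transform(*s[:2], i < len(specs) - 1, *s[2:]) for i, s in enumerate(specs))
    return struct.pack("!BBHBBBB", 2 if more else 0, 0, 8 + len(body), num, 1, 0, len(specs)) + body

# Constructed sample (IKE, SPI size 0): #1 AES-CBC + HMAC, #2 AES-GCM alone, #3 AES-GCM + HMAC
SAMPLE = (build_proposal(1, [(1, 12, 256), (2, 5), (3, 12), (4, 14)], True)
          + build_proposal(2, [(1, 20, 256), (2, 5), (4, 14)], True)
          + build_proposal(3, [(1, 20, 256), (2, 5), (3, 12), (4, 14)], False))
```

Both forms discussed in the message pass the check: a proposal with no INTEG transform at all, and one whose only INTEG transform is ID 0.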