On Mon, 29 Jan 2024, Xialiang(Frank, IP Security Standard) wrote:
We have submitted this new draft “Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2)”, which defines a set of cryptographic transforms for using in the IKEv2 based on Chinese cryptographic standard algorithms (called "ShangMi" or “SM” algorithms). The SM algorithms are mandatory in China, so this document provides a description of how to use the SM algorithms with IKEv2 and specifies a set of cryptographic transforms so that implementers can produce interworking implementations.
Thanks for the document. I believe the best way forward for these would be via the ISE. In which case the Working Group and Intended Status would need to be updated. But if the document proceeds that way, please keep the IPsecME WG in the loop. All the registries involved are "Expert Review", so it can be registered regardless of where or how the specification is published. As for the draft itself, I have two questions. Is the CBC variant really neccessary? CBS is being made historic or deprecated for all other IETF uses (eg see TLS 1.3). Why introduce it now for IKEv2 and ESP in combination with ShangMi ? For the GCM variants, do you know if these can make use of the ghash hardware instructions? As in, would ENCR_SM4_GCM also benefit from CPU hardware instructions available? Regards, Paul
Your comments are warmly welcome! B.R. Frank -----邮件原件----- 发件人: internet-dra...@ietf.org <internet-dra...@ietf.org> 发送时间: 2024年1月29日 14:09 收件人: Xialiang(Frank, IP Security Standard) <frank.xiali...@huawei.com>; guoyanfei <guoyanf...@huawei.com>; Yu Fu <fuy...@chinaunicom.cn> 主题: New Version Notification for draft-guo-ipsecme-ikev2-using-shangmi-00.txt A new version of Internet-Draft draft-guo-ipsecme-ikev2-using-shangmi-00.txt has been successfully submitted by Liang Xia and posted to the IETF repository. Name: draft-guo-ipsecme-ikev2-using-shangmi Revision: 00 Title: Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2) Date: 2024-01-29 Group: Individual Submission Pages: 14 URL: https://www.ietf.org/archive/id/draft-guo-ipsecme-ikev2-using-shangmi-00.txt Status: https://datatracker.ietf.org/doc/draft-guo-ipsecme-ikev2-using-shangmi/ HTMLized: https://datatracker.ietf.org/doc/html/draft-guo-ipsecme-ikev2-using-shangmi Abstract: This document defines a set of cryptographic transforms for using in the Internet Key Exchange Protocol version 2 (IKEv2). The transforms are based on Chinese cryptographic standard algorithms (called "ShangMi" or “SM” algorithms). The use of these algorithms with IKEv2 is not endorsed by the IETF. The SM algorithms are mandatory in China, so this document provides a description of how to use the SM algorithms with IKEv2 and specifies a set of cryptographic transforms so that implementers can produce interworking implementations. The IETF Secretariat _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
