Daniel Migault writes:
>
> Correct. it must be a MUST. I also explicitly added that condition on nonce
> and counter needs to remain valid. The new text is as follows:
>
> When such mechanisms cannot be implemented and the session key is, for
> example, provisioned, the nodes MUST ensure that ke
On Sat, 31 Oct 2020, Yoav Nir wrote:
Thanks for getting back to me. What is missing from the IANA registry is the
guidance as to the status of the algorithm, how highly it is recommended or
not. This I-D tells people to go to RFC8247 and the IANA Registry for advice;
RFC8247 gives that advi
Thanks for the response and the reference. The Security Considerations
referred to 4086, but I thought that it would be useful to add the
reference from the nist. I have added the following sentence.
"""
In addition [SP-800-90A-Rev-1] provides appropriated guidances to build
random generators base
Hi,
Please find the updated version considering Tero's comments.
Yours,
Daniel
-- Forwarded message -
From:
Date: Mon, Nov 2, 2020 at 12:18 PM
Subject: [Lwip] I-D Action: draft-ietf-lwig-minimal-esp-02.txt
To:
Cc:
A New Internet-Draft is available from the on-line Internet-
tom petch writes:
> And RFC8247 specifies which algorithm are AEAD, the web page does not.
Actually RFC8247 does not specify which algorithms are AEAD. It only
specifies that information for those algorithms it lists. For example
it does not mention ENCR_AES_CCM_16 at all, thus it does not list
w
Hi all,
Antony, Steffen and I wrote a draft on increasing IPsec performance.
This is the method we are envisioning for the Linux kernel. There is
an experimental implementation in the kernel and libreswan/strongswan
IKE daemons.
It supports per-CPU and per-QoS Child SA's.
Paul
From: int
