On Thu, Aug 1, 2024 at 10:04 AM Valery Smyslov wrote:
> Hi Paul,
>
> That assumes that you allow a different KE from the IKE KE for the child?
> That is questionable at best to begin with.
>
> I meant that the policy may be:
>
> - use AES-GCM with P256
>
Daniel Shiu wrote:
> While working on cryptographic inventory tools, I noticed that the IKE
> authentication method AUTH_HMAC_SHA1_96 (SHA1-based HMAC truncated to
> 96-bits) is permitted in IKEv2 per RFC 8247 (status MUST- according t
Note, it's *HMAC* SHA1.
> Have I missed the
On Tue, Aug 06, 2024 at 12:31:21PM -0400, Michael Richardson wrote:
>
> Daniel Shiu wrote:
> > While working on cryptographic inventory tools, I noticed that the IKE
> > authentication method AUTH_HMAC_SHA1_96 (SHA1-based HMAC truncated to
> > 96-bits) is permitted in IKEv2 per RFC 82
Benjamin Kaduk wrote:
> On Tue, Aug 06, 2024 at 12:31:21PM -0400, Michael Richardson wrote:
>>
>> Daniel Shiu wrote:
>> > While working on cryptographic inventory tools, I noticed that the IKE
>> > authentication method AUTH_HMAC_SHA1_96 (SHA1-based HMAC truncated to
>> >
I recall an argument that a truncated auth tag increased the likelihood of
collision (though still within the acceptable bound), and made the verification
of the auth key guess harder.
--
V/R,
Uri
On 8/6/24, 13:52, "Michael Richardson" <mcr+i...@sandelman.ca> wrote:
Benjamin K
> -Original Message-
> From: Benjamin Kaduk
> Sent: Tuesday, August 6, 2024 1:17 PM
> To: Michael Richardson
> Cc: Daniel Shiu ; ipsec@ietf.org
> Subject: [IPsec] Re: AUTH_HMAC_SHA1_96 not formally deprecated
>
> On Tue, Aug 06, 2024 at 12:31:21PM -0400, Michael Richardson wrote:
> >
>