Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Sean Shen wrote:
> Section 2.2 says that "AES MUST use different rounds for each of the
> key sizes: ...".
> The draft is not trying to say that IKEv2 requires 10/12/14 rounds for
> 128/192/256 key lengths. The draft is not trying to say that AES-CTR
> requires 10/12/14 rounds for 128/192/256 key lengths.
>
> Sean
>
> ...

The "MUST" still makes the difference! That is normative and does
NOT belong in this draft. Although that would still be regarded
out of scope of your draft, I would be more willing to accept an
_informative_ statement like:

"Note: AES uses different rounds for each of the key sizes: ...".
^^^^^^     ^^^^

But the most important topic remains: The draft is ill-advised in
pretending that the interface of AES -- or, btw, *any* currently
sensibly used block cipher primitive of reasonable strength --
had an _external_ parameter "number of rounds" that upper protocol
(sub-)layers would need to have to deal with.

Otherwise, the "IKEv2 Transform Attribute Types" would have to
include an entry for "number of rounds", which it doesn't, and
you also do not aim at establishing such an entry.

For the sake of terminological precision and consistency with
existing specifications (and such to avoid confusion), a draft about
the usage of a cryptographic primitive in IPsec/IKE should only
denote as "algorithm parameter" what indeed has to be expressed
as such in SA crypto-algorithm negotiations.

Kind regards,
Alfred Hönes.
--
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. |
| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 |
| D-71254 Ditzingen | E-Mail: ah at TR-Sys.de |
+------------------------+--------------------------------------------+