Re: I-D Action:draft-ietf-6man-node-req-bis-00.txt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D Action:draft-ietf-6man-node-req-bis-00.txt

Hi John,

The draft states:

   The DES-CBC encryption algorithm [28] SHOULD NOT be supported within
   ESP.  Security issues related to the use of DES are discussed in
   'DESDIFF', 'DESINT', and 'DESCRACK'.  DES-CBC is still listed as
   required by the existing IPsec RFCs, but updates to these RFCs will
   be published in the near future.  DES provides 56 bits of protection,
   which is no longer considered sufficient.

You reference RFC4835 and the RFC already makes DES-CBC as a
SHOULD-NOT. I think you can totally remove this section. As the IPsec
RFC already talks about it.

The draft states:

   Since ESP encryption and authentication are both optional, support
   for the NULL encryption algorithm [27] and the NULL authentication
   algorithm [24] MUST be provided to maintain consistency with the way
   these services are negotiated.

The IPsec RFC clearly states that NULL authentication algorithm is now
a MAY and not a MUST - from RFC4303 the below:

   However, this standard does not
   require ESP implementations to offer an encryption-only service.

Thanks,
Vishwas


On Feb 11, 2008 2:00 PM,  <john.loughney at nokia.com> wrote:
> Hi all,
>
> I have updated this draft. I had to wrestle with the nroff to get it
> into xml.  I spent
> too much time with that, so I ended up mostly updating the references
> and fixing the errata.
>
> I have not done to much editorial control, checking on what has changed
> on the many RFC
> updates since this was issued.  That is my next task, I will try to spin
> a quick revision.
>
> John
>
>
> >-----Original Message-----
> >From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org]
> >Sent: 11 February, 2008 12:30
> >To: i-d-announce at ietf.org
> >Cc: ipv6 at ietf.org
> >Subject: I-D Action:draft-ietf-6man-node-req-bis-00.txt
> >
> >A New Internet-Draft is available from the on-line
> >Internet-Drafts directories.
> >This draft is a work item of the IPv6 Maintenance Working
> >Group of the IETF.
> >
> >
> >       Title           : IPv6 Node Requirements RFC 4294-bis
> >       Author(s)       : J. Loughney
> >       Filename        : draft-ietf-6man-node-req-bis-00.txt
> >       Pages           : 20
> >       Date            : 2008-02-07
> >
> >This document defines requirements for IPv6 nodes.  It is
> >expected that IPv6 will be deployed in a wide range of devices
> >and situations.
> >Specifying the requirements for IPv6 nodes allows IPv6 to
> >function well and interoperate in a large number of situations
> >and deployments.
> >
> >A URL for this Internet-Draft is:
> >http://www.ietf.org/internet-drafts/draft-ietf-6man-node-req-bis-00.txt
> >
> >To remove yourself from the I-D Announcement list, send a
> >message to i-d-announce-request at ietf.org with the word
> >unsubscribe in the body of the message.
> >You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce
> >to change your subscription settings.
> >
> >Internet-Drafts are also available by anonymous FTP. Login
> >with the username "anonymous" and a password of your e-mail
> >address. After logging in, type "cd internet-drafts" and then
> >       "get draft-ietf-6man-node-req-bis-00.txt".
> >
> >A list of Internet-Drafts directories can be found in
> >http://www.ietf.org/shadow.html or
> >ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> >
> >Internet-Drafts can also be obtained by e-mail.
> >
> >Send a message to:
> >       mailserv at ietf.org.
> >In the body type:
> >       "FILE /internet-drafts/draft-ietf-6man-node-req-bis-00.txt".
> >
> >NOTE:   The mail server at ietf.org can return the document in
> >       MIME-encoded form by using the "mpack" utility.  To use this
> >       feature, insert the command "ENCODING mime" before the "FILE"
> >       command.  To decode the response(s), you will need "munpack" or
> >       a MIME-compliant mail reader.  Different MIME-compliant
> >mail readers
> >       exhibit different behavior, especially when dealing with
> >       "multipart" MIME messages (i.e. documents which have been split
> >       up into multiple messages), so check your local documentation on
> >       how to manipulate these messages.
> >
> >Below is the data which will enable a MIME compliant mail
> >reader implementation to automatically retrieve the ASCII
> >version of the Internet-Draft.
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6 at ietf.org
> Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.