Brian asked me to review draft-ietf-msec-ipsec-group-counter-modes-02 and I finally got around to it. All my comments are minor clarification suggestions and/or questions so I'll leave it up to the authors whether to address the issues.

My comments:
1. There is no mention of an approved method to generate the SID. I assumed it's some acceptable method of generating random numbers.
2. There is a statement about the conforming implementation to support SID lengths of 8, 12, 16. Why is this?
3. Examples of the IV with a specific SID length would be useful in the context of a few senders with the same SA and a different SA.
4. In section 4, it says "A GKMS MUST support a GM notifying the GCKS that its IV space will soon be exhausted ..", and later that "A GCKS MAY choose to ignore this notification based on policy ...". Maybe I've misunderstood something here?

Otherwise the draft looks good as is.

Thanks,
Sheela