On Wed, Sep 02, 2009 at 02:54:33PM -0500, Nicolas Williams wrote:
> All that said, I'm reasonably happy with RFC5647, but there are several
> issues that I think should have been addressed prior to publication:
>
>  - 'fixed' appears to be fixed per-_key exchange_, not for the life
>    of the connection. This one, in particular, is a complete and
>    utter guess on my part.

I should point out that it's obvious enough that 'fixed' is fixed
per-_key exchange_ simply because otherwise security would be
compromised after more than 2^64 invocations.

Other comments:

 - The algorithm names registered by this RFC with the IANA do NOT match
   the style of naming of previously existing algorithm names. The
   previous alg names were all lower-case LDH (letters digits and
   hyphens). The new ones are all upper-case letters, digits, and
   underscore. Earlier versions of the I-D had alg names with the
   "proper" style. What happened?

 - The Security Considerations section is silent on re-keying
   requirements (i.e., when and how often to re-key). It should not
   have been.

Nico
--
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
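
The 2^64 bound discussed in the message above, as an added example that is not part of the original post or of any SSH implementation. It assumes the RFC 5647 nonce layout (a 4-octet `fixed` field followed by an 8-octet `invocation_counter` incremented modulo 2^64); the class, function and sample IV are hypothetical and constructed for illustration.

```python
# Added illustration; names are hypothetical, not from RFC 5647 or any SSH code base.
import struct

COUNTER_MOD = 1 << 64  # invocation_counter is a 64-bit field


class GcmNonceState:
    """Tracks the 12-octet AES-GCM nonce: uint32 fixed || uint64 invocation_counter."""

    def __init__(self, initial_iv: bytes):
        self.rekey(initial_iv)

    def rekey(self, initial_iv: bytes) -> None:
        # A key exchange yields a fresh 12-octet IV: new 'fixed', new counter start.
        if len(initial_iv) != 12:
            raise ValueError("initial IV must be 12 octets")
        self.fixed, self.counter = struct.unpack(">IQ", initial_iv)
        self.used = 0  # invocations since the last key exchange

    def next_nonce(self) -> bytes:
        # Refuse to emit a nonce that would repeat one already used with this key.
        if self.used >= COUNTER_MOD:
            raise RuntimeError("nonce space exhausted: re-key required")
        nonce = struct.pack(">IQ", self.fixed, self.counter)
        self.counter = (self.counter + 1) % COUNTER_MOD  # wraps; 'fixed' never changes
        self.used += 1
        return nonce


def nonce_after(initial_iv: bytes, invocations: int) -> bytes:
    """Nonce for the given 0-based invocation number if no re-key ever happens."""
    fixed, start = struct.unpack(">IQ", initial_iv)
    return struct.pack(">IQ", fixed, (start + invocations) % COUNTER_MOD)


# Constructed sample IV: fixed = 0xCAFEBABE, counter starts two below the wrap point.
SAMPLE_IV = bytes.fromhex("cafebabe" "fffffffffffffffe")

if __name__ == "__main__":
    state = GcmNonceState(SAMPLE_IV)
    for _ in range(3):
        print(state.next_nonce().hex())  # third nonce shows the counter wrapping to 0
    # Without a re-key, invocation 2^64 reuses the nonce of invocation 0.
    print(nonce_after(SAMPLE_IV, 2**64) == nonce_after(SAMPLE_IV, 0))
```
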