My remaining DISCUSS on draft-iab-sec-cons-02.txt

There is a transcription error in section 6.2.1.3. It says:

    The use of this authentication type means the VRRP protocol exchanges
    are authenticated using the mechanisms defined by the IP Authentication
    Header [AH] using [HMAC].

    [HMAC] Krawczyk, H., Bellare, M., Canetti, R., "HMAC: Keyed-Hashing
           for Message Authentication", RFC 2104, February 1997.

However, RFC 2338 actually says:

    The use of this authentication type means the VRRP protocol exchanges
    are authenticated using the mechanisms defined by the IP
    Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP
    and AH" [HMAC].

    [HMAC] Madson, C., and R. Glenn, "The Use of HMAC-MD5-96 within
           ESP and AH", Work in Progress.

So, RFC2338's [HMAC] reference was to RFC2403, which wasn't published
yet.

The fix for the sec-cons draft is:

- Fix the [HMAC] reference to refer to RFC2403
- Remove the sentence that says "Additionally, there should be a required
  algorithm (HMAC-SHA1)", since clearly HMAC-MD5-96 is the required
  algorithm.

Bill