
My remaining DISCUSS on draft-iab-sec-cons-02.txt



There is a transcription error in section 6.2.1.3.  It says:

   The use of this authentication type means the VRRP protocol exchanges
   are authenticated using the mechanisms defined by the IP Authentica-
   tion Header [AH] using [HMAC].

   [HMAC]     Krawczyk, H., Bellare, M., Canetti, R., "HMAC: Keyed-Hashing
              for Message Authentication", RFC 2104, February 1997.

However, RFC 2338 actually says:

   The use of this authentication type means the VRRP protocol exchanges
   are authenticated using the mechanisms defined by the IP
   Authentication Header [AUTH] using "The Use of HMAC-MD5-96 within ESP
   and AH" [HMAC].

   [HMAC]    Madson, C., and R. Glenn, "The Use of HMAC-MD5-96 within   
             ESP and AH", Work in Progress.

So, RFC2338's [HMAC] reference was to RFC2403, which wasn't published
yet.

The fix for the sec-cons draft is:

- Fix the [HMAC] reference to refer to RFC2403
- Remove the sentence that says "Additionally, there should be a required
  algorithm (HMAC-SHA1)", since clearly HMAC-MD5-96 is the required
  algorithm.

  Bill