[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

draft-ietf-ccamp-lmp-08

To: iesg-secretary@ietf.org
Subject: draft-ietf-ccamp-lmp-08
From: Russ Housley <housley@vigilsec.com>
Date: Tue, 29 Apr 2003 17:13:42 -0400
Cc: iesg@ietf.org

Russ Housley [ ] [ ] [ X ] [ ]

Section 16.1 says:

o Security mechanism should provide for well defined key
management schemes. The key management schemes should be well
analyzed to be cryptographically secure. The key management
schemes should be scalable.

I think that automated key management SHOULD be provided.

Section 16.2 recommends the use of AH in tunnel mode. I would greatly prefer ESP in tunnel mode, even if confidentiality is not turned on. In my opinion, ESP with integrity-only security associations is better.

In section 16.2, the term "crypto channel" is not clear. Usually, it means "IPsec security association." Yet, sometimes it refers to both the IKE SA as well as the IPsec SA. I think that IKE SA and IPsec SA can be used.

In section 16.2, please change "man-in-the middle attacks" to "man-in-the-middle attacks."

Section 16.2 says:

Digital signature based authentication is not prone to such
problems. It is recommended using digital signature based
authentication mechanism where possible. If pre-shared key based
authentication is required, then aggressive mode SHOULD be used.
IKE pre-shared authentication key values SHOULD be protected in a
manner similar to the user's account password.

Please change "recommended" to upper case.

Prev by Date: Re: draft-ietf-sipping-basic-call-flows-02
Next by Date: spam & I'll shoot you
Previous by thread: draft-ietf-sipping-basic-call-flows-02
Next by thread: spam & I'll shoot you
Index(es):
- Date
- Thread