[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
last call comments to draft-ietf-ipsec-ciph-aes-ccm-04.txt
comments to draft-ietf-ipsec-ciph-aes-ccm-04.txt.
in short: combine draft-ietf-ipsec-ciph-aes-ccm-04.txt and
draft-housley-ccm-mode-02.txt, with fixing needless variables to
fixed value, removing unneeded text.
draft-ietf-ipsec-ciph-aes-ccm-04.txt refers to
draft-housley-ccm-mode-02.txt wrt actual encryption, therefore i
consider draft-housley-ccm-mode-02.txt be a companion document and
will be published at the same time. am i correct?
assuming the above, i have the following comments.
it is unclear whether the portion of packet to be encrypted/
authenticated by CCM mode is "message m" (page 2 of housley-ccm-mode-02)
or "additional authentication data a" (page 3 of housley-ccm-mode-02).
my guessing is it is "message m", but it is not explicitly documented.
there are two "authentication output" defined in the document (T
defined at the end of 2.2, and U defined at the end of 2.3).
which value should be used as ESP ICV? it is not specified in
draft-ietf-ipsec-ciph-aes-ccm-04.txt.
as for draft-housley-ccm-mode-02.txt, i would say the document needs
more clarity. for instance, how "additional authentication data a"
gets encoded into authentication data source is rather unclear (page 4).
a diagram or two would greatly help us here.
i would really like to see these two documents combined.
if draft-ietf-ipsec-ciph-aes-ccm-04.txt will not be using "additional
authentication data a", the description in draft-housley-ccm-mode-02.txt
page 4 could be greatly simplified. also,
draft-ietf-ipsec-ciph-aes-ccm-04.txt says that support for L = 4 is a
MUST, and if there'll be no chance for using values other than 4,
why not merging the document with restricting L into fixed value of 4?
itojun