last call comments to draft-ietf-ipsec-ciph-aes-ccm-04.txt

[Jun-ichiro itojun Hagino <itojun@iijlab.net>]

	comments to draft-ietf-ipsec-ciph-aes-ccm-04.txt.

	in short: combine draft-ietf-ipsec-ciph-aes-ccm-04.txt and
	draft-housley-ccm-mode-02.txt, with fixing needless variables to
	fixed value, removing unneeded text.


	draft-ietf-ipsec-ciph-aes-ccm-04.txt refers to
	draft-housley-ccm-mode-02.txt wrt actual encryption, therefore i
	consider draft-housley-ccm-mode-02.txt be a companion document and 
	will be published at the same time.  am i correct?

	assuming the above, i have the following comments.

	it is unclear whether the portion of packet to be encrypted/
	authenticated by CCM mode is "message m" (page 2 of housley-ccm-mode-02)
	or "additional authentication data a" (page 3 of housley-ccm-mode-02).
	my guessing is it is "message m", but it is not explicitly documented.

	there are two "authentication output" defined in the document (T
	defined at the end of 2.2, and U defined at the end of 2.3).
	which value should be used as ESP ICV?  it is not specified in
	draft-ietf-ipsec-ciph-aes-ccm-04.txt.

	as for draft-housley-ccm-mode-02.txt, i would say the document needs
	more clarity.  for instance, how "additional authentication data a"
	gets encoded into authentication data source is rather unclear (page 4).
	a diagram or two would greatly help us here.

	i would really like to see these two documents combined.
	if draft-ietf-ipsec-ciph-aes-ccm-04.txt will not be using "additional
	authentication data a", the description in draft-housley-ccm-mode-02.txt
	page 4 could be greatly simplified.  also,
	draft-ietf-ipsec-ciph-aes-ccm-04.txt says that support for L = 4 is a
	MUST, and if there'll be no chance for using values other than 4,
	why not merging the document with restricting L into fixed value of 4?

itojun