From bew@cisco.com Tue Jan 12 14:36:04 2010 Return-Path: X-Original-To: msec@core3.amsl.com Delivered-To: msec@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C923C3A6877 for ; Tue, 12 Jan 2010 14:36:04 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -10.599 X-Spam-Level: X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yqkY7Z-ljwhP for ; Tue, 12 Jan 2010 14:36:03 -0800 (PST) Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id B735E3A683F for ; Tue, 12 Jan 2010 14:36:03 -0800 (PST) Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ApoEAB+ITEurRN+J/2dsb2JhbADBdYkWCYtVAoJEgWoE X-IronPort-AV: E=Sophos;i="4.49,264,1262563200"; d="scan'208";a="73517678" Received: from sj-core-3.cisco.com ([171.68.223.137]) by sj-iport-4.cisco.com with ESMTP; 12 Jan 2010 22:36:01 +0000 Received: from dhcp-128-107-163-107.cisco.com (dhcp-128-107-163-107.cisco.com [128.107.163.107]) by sj-core-3.cisco.com (8.13.8/8.14.3) with ESMTP id o0CMa10I007229 for ; Tue, 12 Jan 2010 22:36:01 GMT Message-Id: <4727FE63-2D8A-44D7-9153-79D0F8D5550B@cisco.com> From: Brian Weis To: msec@ietf.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Apple Message framework v936) Date: Tue, 12 Jan 2010 14:35:58 -0800 References: <201001122105.WAA10704@TR-Sys.de> X-Mailer: Apple Mail (2.936) Subject: [MSEC] Fwd: draft-ietf-msec-ipsec-group-counter-modes-04 X-BeenThere: msec@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Multicast Security List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jan 2010 22:36:04 -0000 Alfred H=CEnes reviewed this MSEC WG draft, but had trouble posting to =20= the list. His comments are attached. Brian Begin forwarded message: > From: Alfred H=CEnes > Date: January 12, 2010 1:05:19 PM PST > To: mcgrew@cisco.com, bew@cisco.com > Cc: msec@ietf.org > Subject: draft-ietf-msec-ipsec-group-counter-modes-04 > > Hello, > one nit and one DISCUSS for draft-ietf-msec-ipsec-group-counter-=20 > modes-04: > > > The easy one first: In the last paragraph of Section 2, > an indefinite article is missing; please insert it: > > [...], where single IPsec Security Association (SA) is used [...] > --- vvv > [...], where a single IPsec Security Association (SA) is used [...] > > > DISCUSS: > > There's a proliferation of documents that specify black-box exchanges > of the AES with other block ciphers with compatible interface for all > security protocols standardized in the IETF. > > In the interest of proper layering in the "crypto-toolbox", > simplifying the expected document set, and reducing the load on the > I-D approval and RFC publication processes, I strongly suggest to > immediately generalize your memo to "AES-like" block cipher. > > If that strategy is not followed, you can expect to have to deal with > follow-up documents for Camellia, SEED, ..., that do not add any new > information to the present draft. > > The document title already raises this expectation. > > The Abstract needlessly specializes to AES. > > In Section 1, some of the references to given are already neutral > regarding the cipher, inparticular RFC 2386 is that for CTR mode. > > I suggest to outline the general framework of using counter modes > with a block cipher primitive and instantiate that with the AES > examples and related references. > > Every detail given in subsequent sections is not specific to the AES > but immediately generalizes to any block cipher with a 128-bit block > size. That should be made explicit, IMO. > > In Section 2, it almost suffices to simply s/AES/block cipher/g . > In Sections 3..6 and Appendix A, "AES" does not even appear in the =20 > text. > > Appendix B with AES-GCM as an example is perfectly ok. > > > Kind regards, > Alfred H=CEnes. > > --=20 > > +------------------------=20 > +--------------------------------------------+ > | TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-=20 > Phys. | > | Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: =20 > -18 | > | D-71254 Ditzingen | E-Mail: ah@TR-=20 > Sys.de | > +------------------------=20 > +--------------------------------------------+ > --=20 Brian Weis Router/Switch Security Group, ARTG, Cisco Systems Telephone: +1 408 526 4796 Email: bew@cisco.com From john.mattsson@ericsson.com Sat Jan 30 09:32:03 2010 Return-Path: X-Original-To: msec@core3.amsl.com Delivered-To: msec@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5231B3A68B7 for ; Sat, 30 Jan 2010 09:32:03 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.249 X-Spam-Level: X-Spam-Status: No, score=-6.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Buk0C+Rpistf for ; Sat, 30 Jan 2010 09:32:02 -0800 (PST) Received: from mailgw5.ericsson.se (mailgw5.ericsson.se [193.180.251.36]) by core3.amsl.com (Postfix) with ESMTP id 3E30E3A6827 for ; Sat, 30 Jan 2010 09:32:01 -0800 (PST) X-AuditID: c1b4fb24-b7c64ae000005cb7-e8-4b646d2b77ed Received: from esealmw129.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw5.ericsson.se (Symantec Mail Security) with SMTP id EF.DE.23735.B2D646B4; Sat, 30 Jan 2010 18:32:27 +0100 (CET) Received: from esealmw121.eemea.ericsson.se ([153.88.200.80]) by esealmw129.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959); Sat, 30 Jan 2010 18:32:03 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Date: Sat, 30 Jan 2010 18:32:03 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Draft update: draft-mattsson-mikey-ticket-01 Thread-Index: AcqhyVEe70JDiSs8TIGlO4Jx0Mzihg== From: "John Mattsson" To: X-OriginalArrivalTime: 30 Jan 2010 17:32:03.0585 (UTC) FILETIME=[22FF6F10:01CAA1D2] X-Brightmail-Tracker: AAAAAA== Cc: Rolf Blom J , =?iso-8859-1?Q?Eva_Fogelstr=F6m?= Subject: [MSEC] Draft update: draft-mattsson-mikey-ticket-01 X-BeenThere: msec@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: Multicast Security List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2010 17:32:03 -0000 Dear all, We have submitted an updated version of the draft "MIKEY-TICKET: An = Additional Mode of Key Distribution in Multimedia Internet KEYing = (MIKEY)". This version is intended for IETF last call. http://tools.ietf.org/html/draft-mattsson-mikey-ticket-01 Updates since the 00 version includes: - status changed to informational - added a notation (') for forked keys - added figure illustrating the trust model - changes to the key derivation (length fields and app id) and MAC = coverage=20 - removed MPK in CSB update - added support for 256-bit keys - editorials. Comments/recommendations would be appreciated. Best regards, John Mattsson