Frankel, Sheila E. writes:
> #111: Can IKEv1 negotiate combined algorithms to be used by IPsec-v3?
> Proposed changes to Roadmap doc:
> 1) Add text to section 5.4 (Combined Mode Algorithms)
> Additional text:
> Some IKEv1 implementations have added the capability to negotiate
> combined mode algorithms for use in IPsec SAs; these implementations
> do not include the capability to use combined mode algorithms to protect
> IKE SAs. Since combined mode algorithms are not a feature of IPsec-v2,
> these IKEv1 implementations are used in conjunction with IPsec-v3. IANA
> numbers for combined mode algorithms have been added to the IKEv1 registry.
That text seems ok.
> 2) Change IKEv2 and IPsec-v2 requirement levels
> Requirements levels for AES-GMAC:
> old IKEv2 - optional
> new IKEv2 - optional (integrity-protection algorithm)
> N/A (combined mode algorithm with NULL encryption)
An IKEv2 SA cannot be used with NULL encryption, so using AES-GMAC requires some other encryption algorithm when used in IKEv2. AES-GMAC requires an IV, and the other encryption algorithm used with it also requires an IV, which means we require two IVs or they require sharing the IV, which might not be possible as their IV generation rules (and lengths) might be different.
I do not think it is possible to use AES-GMAC at all to protect IKEv2 traffic, and also it does not make any sense to use AES-GMAC as it says that it is to be used when no confidentiality is desired, and as in IKEv2 that is required then AES-GCM should be used instead.
If confidentiality is desired, then GCM ESP [RFC4106] SHOULD be used instead.
So I think the correct change is
IKEv2 - N/A (IKEv2 requires encryption).
--
firstname.lastname@example.org
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec