draft-ietf-ipsecme-esp-ah-reqts-08.txt   draft-ietf-ipsecme-esp-ah-reqts-09.txt 
Network Working Group D. McGrew Network Working Group D. McGrew
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Obsoletes: 4835 (if approved) P. Hoffman Obsoletes: 4835 (if approved) P. Hoffman
Intended status: Standards Track VPN Consortium Intended status: Standards Track VPN Consortium
Expires: November 16, 2014 May 15, 2014 Expires: November 17, 2014 May 16, 2014
Cryptographic Algorithm Implementation Requirements and Usage Guidance Cryptographic Algorithm Implementation Requirements and Usage Guidance
for Encapsulating Security Payload (ESP) and Authentication Header (AH) for Encapsulating Security Payload (ESP) and Authentication Header (AH)
draft-ietf-ipsecme-esp-ah-reqts-08 draft-ietf-ipsecme-esp-ah-reqts-09
Abstract Abstract
This Internet Draft is a standards track proposal to update the This Internet Draft is a standards track proposal to update the
Cryptographic Algorithm Implementation Requirements for ESP and AH; Cryptographic Algorithm Implementation Requirements for ESP and AH;
it also adds usage guidance to help in the selection of these it also adds usage guidance to help in the selection of these
algorithms. algorithms.
The Encapsulating Security Payload (ESP) and Authentication Header The Encapsulating Security Payload (ESP) and Authentication Header
(AH) protocols make use of various cryptographic algorithms to (AH) protocols make use of various cryptographic algorithms to
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 16, 2014. This Internet-Draft will expire on November 17, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 6, line 22 skipping to change at page 6, line 22
gigabytes of data will be encrypted with a single key. As a 64-bit gigabytes of data will be encrypted with a single key. As a 64-bit
block cipher, it leaks information about plaintexts above that block cipher, it leaks information about plaintexts above that
"birthday bound" [M13]. Triple-DES CBC is listed as a MAY implement "birthday bound" [M13]. Triple-DES CBC is listed as a MAY implement
for the sake of backwards compatibility, but its use is discouraged. for the sake of backwards compatibility, but its use is discouraged.
4. Rationale 4. Rationale
This section explains the principles behind the implementation This section explains the principles behind the implementation
requirements described above. requirements described above.
The algorithms listed as MAY-implement are not meant to be endorsed The algorithms listed as "MAY implement" are not meant to be endorsed
over other non-standard alternatives. All of the algorithms that over other non-standard alternatives. All of the algorithms that
appeared in [RFC4835] are included in this document, for the sake of appeared in [RFC4835] are included in this document, for the sake of
continuity. In some cases, these algorithms have moved from being continuity. In some cases, these algorithms have moved from being
"SHOULD implement" to "MAY implement" algorithms. "SHOULD implement" to "MAY implement" algorithms.
4.1. Authenticated Encryption 4.1. Authenticated Encryption
This document encourages the use of authenticated encryption This document encourages the use of authenticated encryption
algorithms because they can provide significant efficiency and algorithms because they can provide significant efficiency and
throughput advantages, and the tight binding between authentication throughput advantages, and the tight binding between authentication
 End of changes. 4 change blocks. 
4 lines changed or deleted 4 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/