Commercial National Security Algorithm (CNSA) Suite Cryptography for Internet Protocol Security (IPsec)
draft-corcoran-cnsa-ipsec-profile-06

Received changes through RFC Editor sync (created alias RFC 9206, changed abstract to 'The United States Government has published the National Security Agency's Commercial National Security Algorithm (CNSA) Suite, which defines cryptographic algorithm policy for national security applications.  This document specifies the conventions for using the United States National Security Agency's CNSA Suite algorithms in Internet Protocol Security (IPsec).  It applies to the capabilities, configuration, and operation of all components of US National Security Systems (described in NIST Special Publication 800-59) that employ IPsec.  This document is also appropriate for all other US Government systems that process high-value information.  It is made publicly available for use by developers and operators of these and any other system deployments.', changed pages to 13, changed standardization level to Informational, changed state to RFC, added RFC published event at 2022-03-01, changed ISE state to Published RFC)

(Via drafts-eval@iana.org): IESG/Authors/ISE:

The IANA Functions Operator has completed its review of draft-corcoran-cnsa-ipsec-profile-05. If any part of this review is inaccurate, please let us know.

We understand that when this document is sent to us for processing, we will perform one registry action.

The following entries will be added to the Cryptographic Suites for IKEv1, IKEv2, and IPsec registry at

https://www.iana.org/assignments/crypto-suites

        +-----------------------+--------------------------------+
        |      Identifier      |          Reference            |
        +-----------------------+--------------------------------+
        | CNSA-GCM-256-ECDH-384 | [this document when published] |
        +-----------------------+--------------------------------+
        | CNSA-GCM-256-DH-3072  | [this document when published] |
        +-----------------------+--------------------------------+
        | CNSA-GCM-256-DH-4096  | [this document when published] |
        +-----------------------+--------------------------------+

These registrations have already been approved by the designated expert.

Thank you,

Amanda
IANA Services Specialist

draft-corcoran-cnsa-ipsec-profile has been presented to the ISE for
publication as an Informational RFC on the Independent Stream.

==Purpose==

This document forms one of a series that set out the US Government's
Commercial National Security Algorithm (CNSA) Suite.  This document
specifies the conventions for using the CNSA Suite algorithms in
Internet Protocol Security.  It applies specifically to IPsec.

The series of documents are made publicly available through the RFC
Series for use by developers and operators of these and any other
system deployments.

== History==

This document has seen no discussion within the IETF.

The document was first brought to the ISE in December 2019 at version
-00. Since then it has been revised several times to address review
comments.

==Non-IETF Work==

The document title, the Abstract, and the Introduction make the scope
of this work clear. There is no risk of confusing this for IETF work.

==Security Considerations==

The whole document is relevant to Security. Nevertheless, the authors
have also provided a Security Considerations section to highlight some
additional points.

==IANA==

This document requests IANA to make assignments from the registry at
https://www.iana.org/assignments/crypto-suites
The assignment policy for that registry is "Expert Review and RFC
Required"

The Designated Expert for the registry is Tero Kivinen. Tero provided
a positive opinion in August 2020.

==Reviews==

Along its rather slow path, the document has been reviewed twice by the
ISE, by Tero as expert for the registry, and by Paul Hoffman as an IPsec
expert.

The reviews led to a number of updates to fully address the issues
raised.

Details of the reviews can be retrieved on request.

==Remaining Nits and Edits==

There are some nits around the use of BCP 14 language that the authors
will resolve in a new revision.