Skip to main content

Modes of Operation for Camellia for Use with IPsec
draft-kato-ipsec-camellia-modes-10

Revision differences

Document history

Date Rev. By Action
2012-08-22
10 (System) post-migration administrative database adjustment to the No Objection position for Chris Newman
2012-08-22
10 (System) post-migration administrative database adjustment to the No Objection position for Pasi Eronen
2009-04-01
10 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2009-04-01
10 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2009-04-01
10 (System) IANA Action state changed to In Progress from Waiting on Authors
2009-03-24
10 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2009-03-23
10 (System) IANA Action state changed to Waiting on Authors from In Progress
2009-03-23
10 (System) IANA Action state changed to In Progress
2009-03-22
10 Amy Vezza IESG state changed to Approved-announcement sent
2009-03-22
10 Amy Vezza IESG has approved the document
2009-03-22
10 Amy Vezza Closed "Approve" ballot
2009-03-22
10 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza
2009-03-21
10 Chris Newman [Ballot Position Update] Position for Chris Newman has been changed to No Objection from Discuss by Chris Newman
2009-02-26
10 Pasi Eronen [Ballot comment]
2009-02-26
10 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Undefined by Pasi Eronen
2009-02-26
10 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to Undefined from Discuss by Pasi Eronen
2009-02-26
10 (System) Sub state has been changed to AD Follow up from New Id Needed
2009-02-26
10 (System) New version available: draft-kato-ipsec-camellia-modes-10.txt
2008-11-07
10 (System) Removed from agenda for telechat - 2008-11-06
2008-11-06
10 Amy Vezza State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza
2008-11-06
10 Amy Vezza [Note]: 'document shepherd is Kato Akihiro� <akato@po.ntts.co.jp>' added by Amy Vezza
2008-11-06
10 Chris Newman
[Ballot discuss]
At a minimum, I'd like to see text in the document (or an IESG note)
pointing to the mandatory-to-implement cipher suites for IPsec …
[Ballot discuss]
At a minimum, I'd like to see text in the document (or an IESG note)
pointing to the mandatory-to-implement cipher suites for IPsec (and
their successors), and pointing out they're necessary for interoperability
with other standards compliant IPsec software.
2008-11-06
10 Chris Newman
[Ballot comment]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software …
[Ballot comment]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software and we create new opportunities for interoperability failures.
While we should register code points for the various national algorithms
that are functionally equivalent to the the IETF mandatory-to-implement
algorithm, I'd prefer these not be on the standards track to make it
clear what's recommended for interoperability.

I observe RFC 4308 was necessary to address the IPsec security
algorithm smorgasbord problem and documents an IPsec WG consensus
to minimize the number of named suites.  I question if there is a
real IETF consensus to make Camellia one of the fully standardized
ciphers the IETF promotes.
2008-11-06
10 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2008-11-06
10 Jari Arkko [Ballot comment]
Agree with Pasi's discuss.
2008-11-06
10 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2008-11-06
10 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2008-11-06
10 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-11-06
10 Jon Peterson [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson
2008-11-05
10 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2008-11-05
10 Chris Newman
[Ballot discuss]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software …
[Ballot discuss]
Every time we add yet-another symmetric cipher on the standards track,
we create another code-path that could contain security bugs in deployed
software and we create new opportunities for interoperability failures.
While I do not object to registration of code points for what I consider
to be vanity ciphers (anything other than IETF mandatory to implement or
very widely deployed symmetric ciphers), the IANA registry for this is
expert review and does not require a standards track document.

I observe RFC 4308 was necessary to address the IPsec security
algorithm smorgasbord problem and documents an IPsec WG consensus
to minimize the number of named suites.  I question if there is a
real IETF consensus to make Camellia one of the fully standardized
ciphers the IETF promotes.

See also my discuss on draft-kato-camellia-ctrccm about cautionary
text.
2008-11-05
10 Chris Newman [Ballot Position Update] New position, Discuss, has been recorded by Chris Newman
2008-11-05
10 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-11-05
10 Lars Eggert [Ballot comment]
Why isn't this coming via IPSECME?
2008-11-05
10 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2008-11-05
10 Pasi Eronen
[Ballot comment]
Idnits complains about unused references: [7], [8], [18], and [19]
are not cited anywhere in the text (and the first two are listed …
[Ballot comment]
Idnits complains about unused references: [7], [8], [18], and [19]
are not cited anywhere in the text (and the first two are listed
as normative references!).

Section 3, the sentence "NIST has defined seven modes of operation...";
the number "seven" is already out of date, and will probably be
soon after this is published.
2008-11-05
10 Pasi Eronen
[Ballot discuss]
This document copies most of its text (over ten pages) verbatim from
RFC 4309 and 3686 -- and doesn't even acknowledge the source. …
[Ballot discuss]
This document copies most of its text (over ten pages) verbatim from
RFC 4309 and 3686 -- and doesn't even acknowledge the source.
I'd *strongly* suggest not copying it, and instead using a reference
(basically compressing the ten pages to one paragraph, saying that Camellia in CTR and CCM modes is used in IPsec exactly the same way
as AES in RFCs 4309 and 3686).

The document also needs to clearly define its relationship to RFC
4312
(which already defines how to use Camellia with IPsec/ESP, and
how to negotiate it with IKEv1); it seems for CBC mode, the only
thing needed is the IANA assignment in the IKEv2 registry (IKEv1
registry already has it).

Process note: The document has a normative downref that wasn't called
out during the IETF Last Call, and isn't listed in the DownRef
registry. It was a normative reference in RFC 4312 and 4132, too,
so probably just updating the DownRef registry would be enough.
2008-11-05
10 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2008-11-04
10 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2008-10-31
10 Tim Polk Placed on agenda for telechat - 2008-11-06 by Tim Polk
2008-10-31
10 Tim Polk State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Tim Polk
2008-10-31
10 Tim Polk [Note]: 'document shepherd is Kato Akihiro  <akato@po.ntts.co.jp>' added by Tim Polk
2008-10-31
10 Tim Polk [Ballot Position Update] New position, Yes, has been recorded for Tim Polk
2008-10-31
10 Tim Polk Ballot has been issued by Tim Polk
2008-10-31
10 Tim Polk Created "Approve" ballot
2008-08-05
09 (System) New version available: draft-kato-ipsec-camellia-modes-09.txt
2008-06-27
08 (System) New version available: draft-kato-ipsec-camellia-modes-08.txt
2008-06-12
10 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Derek Atkins.
2008-06-10
10 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-05-29
10 Amanda Baber
IANA Last Call comments:

Upon approval of this document, IANA understands that it must
complete a single action.

IANA will add five new values to …
IANA Last Call comments:

Upon approval of this document, IANA understands that it must
complete a single action.

IANA will add five new values to the IKEv2 Parameters registry
located at:

http://www.iana.org/assignments/ikev2-parameters

In the registry named: "IKEv2 Transform Attribute Types" For
Transform Type 1 (Encryption Algorithm), the following five new
values will be added to the registry:

Number Name
------ ---------------------------------
tbd ENCR_CAMELLIA_CBC
tbd ENCR_CAMELLIA_CTR
tbd ENCR_CAMELLIA_CCM with an 8-octet ICV
tbd ENCR_CAMELLIA_CCM with a 12-octet ICV
tbd ENCR_CAMELLIA_CCM with a 16-octet ICV


IANA understands that the addition of these five values are the
complete set of IANA Actions for this document.
2008-05-15
10 Samuel Weiler Request for Last Call review by SECDIR is assigned to Derek Atkins
2008-05-15
10 Samuel Weiler Request for Last Call review by SECDIR is assigned to Derek Atkins
2008-05-13
10 Amy Vezza Last call sent
2008-05-13
10 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2008-05-13
10 Tim Polk State Changes to Last Call Requested from Publication Requested by Tim Polk
2008-05-13
10 Tim Polk Last Call was requested by Tim Polk
2008-05-13
10 (System) Ballot writeup text was added
2008-05-13
10 (System) Last call text was added
2008-05-13
10 (System) Ballot approval text was added
2008-05-13
10 Tim Polk Intended Status has been changed to Proposed Standard from None
2008-05-13
10 Tim Polk [Note]: 'document shepherd is Kato Akihiro  <akato@po.ntts.co.jp>' added by Tim Polk
2008-03-20
10 Tim Polk [Note]: 'document shepherd is Kato Akihiro  <akato@po.ntts.co.jp>' added by Tim Polk
2008-03-20
10 Tim Polk Area acronymn has been changed to sec from gen
2008-03-19
10 Tim Polk State Changes to Publication Requested from Publication Requested::External Party by Tim Polk
2008-03-19
10 Tim Polk
Proto writeup:

For draft-kato-ipsec-camellia-modes
--------------

(1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this version …
Proto writeup:

For draft-kato-ipsec-camellia-modes
--------------

(1.a)  Who is the Document Shepherd for this document?  Has the
      Document Shepherd personally reviewed this version of the
      document and, in particular, does he or she believe this
      version is ready for forwarding to the IESG for publication?

KATO Akihiro. Yes.

(1.b)  Has the document had adequate review both from key WG members
      and from key non-WG members?

The document was submitted IPsec ML. Tero Kivinen review and
commented our draft, other members did not have strong objection.

      Does the Document Shepherd have
      any concerns about the depth or breadth of the reviews that
      have been performed?

No concerns.

(1.c)  Does the Document Shepherd have concerns that the document
      needs more review from a particular or broader perspective,
      e.g., security, operational complexity, someone familiar with
      AAA, internationalization, or XML?

This document already had security experts review.  No
concerns for other area.

(1.d)  Does the Document Shepherd have any specific concerns or
      issues with this document that the Responsible Area Director
      and/or the IESG should be aware of?  For example, perhaps he
      or she is uncomfortable with certain parts of the document, or
      has concerns whether there really is a need for it.  In any
      event, if the WG has discussed those issues and has indicated
      that it still wishes to advance the document, detail those
      concerns here.

No concerns.

      Has an IPR disclosure related to this document been filed?
      If so, please include a reference to the disclosure and
      summarize the WG discussion and conclusion on this issue.

Yes.
http://www.ietf.org/ietf/IPR/mitsubishi-ntt-joint-ipr-disclosure.pdf
covers this draft. This ipr was not issued former IPsec WG.

(1.e)  How solid is the WG consensus behind this document?  Does it
      represent the strong concurrence of a few individuals, with
      others being silent, or does the WG as a whole understand and
      agree with it?

This is individual submition.

(1.f)  Has anyone threatened an appeal or otherwise indicated extreme
      discontent?  If so, please summarize the areas of conflict in
      separate email messages to the Responsible Area Director.  (It
      should be in a separate email because this questionnaire is
      entered into the ID Tracker.)

Nobody has threatened an appeal or otherwise indicated extreme
discontent.

(1.g)  Has the Document Shepherd personally verified that the
      document satisfies all ID nits?  (See
      http://www.ietf.org/ID-Checklist.html and
      http://tools.ietf.org/tools/idnits/.)  Boilerplate checks are
      not enough; this check needs to be thorough.

Yes, I have personally verified both the checklist and the idnits
tool output.

      Has the document met all formal review criteria it needs to,
      such as the MIB Doctor, media type, and URI type reviews?

No concerns.

      If the document does not already indicate its intended status
      at the top of the first page, please indicate the intended
      status here.

The intended status, Proposed Standard, is stated on the first page.

(1.h)  Has the document split its references into normative and
      informative?  Are there normative references to documents that
      are not ready for advancement or are otherwise in an unclear
      state?  If such normative references exist, what is the
      strategy for their completion?  Are there normative references
      that are downward references, as described in [RFC3967]?  If
      so, list these downward references to support the Area
      Director in the Last Call procedure for them [RFC3967].

References are split into normative and informative. Normative  all
normative references look acceptable.

(1.i)  Has the Document Shepherd verified that the document's IANA
      Considerations section exists and is consistent with the body
      of the document?  If the document specifies protocol
      extensions, are reservations requested in appropriate IANA
      registries?  Are the IANA registries clearly identified?  If
      the document creates a new registry, does it define the
      proposed initial contents of the registry and an allocation
      procedure for future registrations?  Does it suggest a
      reasonable name for the new registry?  See [RFC2434].  If the
      document describes an Expert Review process, has the Document
      Shepherd conferred with the Responsible Area Director so that
      the IESG can appoint the needed Expert during IESG Evaluation?

Yes. Everything looks OK here.

(1.j)  Has the Document Shepherd verified that sections of the
      document that are written in a formal language, such as XML
      code, BNF rules, MIB definitions, etc., validate correctly in
      an automated checker?

No concerns.

(1.k)  The IESG approval announcement includes a Document
      Announcement Write-Up.  Please provide such a Document
      Announcement Write-Up.  Recent examples can be found in the
      "Action" announcements for approved documents.  The approval
      announcement contains the following sections:

Technical Summary

  This document describes the use of the Camellia block cipher
  algorithm in Cipher Block Chaining (CBC) mode, Counter (CTR) mode and
  Counter with CBC-MAC (CCM) mode, as an IPsec Encapsulating Security
  Payload (ESP) mechanism to provide confidentiality, data origin
  authentication, and connectionless integrity.


Working Group Summary

  This is individual submition.

Document Quality

  There are at least two independant implementation of this Internet-Draft for generating and proofing test vectors.

Personnel

  The Document Shepherd for this document is Akihiro KATO, and
  the Responsible Area Director is Tim Polk.
2008-03-19
10 Tim Polk [Note]: 'document shepherd is Kato Akihiro  <akato@po.ntts.co.jp>' added by Tim Polk
2008-03-19
07 (System) New version available: draft-kato-ipsec-camellia-modes-07.txt
2008-02-25
10 Tim Polk State Changes to Publication Requested::External Party from Waiting for Writeup by Tim Polk
2008-02-25
10 Tim Polk correcting state in tracker
2008-02-25
10 Tim Polk State Changes to Waiting for Writeup from AD Evaluation by Tim Polk
2008-02-25
10 Tim Polk need proto writeup
2008-02-25
10 Tim Polk State Changes to AD Evaluation from Expert Review by Tim Polk
2008-01-21
06 (System) New version available: draft-kato-ipsec-camellia-modes-06.txt
2008-01-21
05 (System) New version available: draft-kato-ipsec-camellia-modes-05.txt
2007-11-16
04 (System) New version available: draft-kato-ipsec-camellia-modes-04.txt
2007-10-15
10 Tim Polk State Changes to Expert Review from AD Evaluation by Tim Polk
2007-10-01
10 Tim Polk State Changes to AD Evaluation from Publication Requested by Tim Polk
2007-10-01
10 Tim Polk Draft Added by Tim Polk in state Publication Requested
2007-06-29
03 (System) New version available: draft-kato-ipsec-camellia-modes-03.txt
2007-03-07
02 (System) New version available: draft-kato-ipsec-camellia-modes-02.txt
2006-11-13
01 (System) New version available: draft-kato-ipsec-camellia-modes-01.txt
2006-06-08
00 (System) New version available: draft-kato-ipsec-camellia-modes-00.txt