06-369r2 -- Security Association Model for SPC-4

Bob.Nixon at emulex.com
Fri Aug 25 10:35:20 PDT 2006

Hi, Ralph, here, for public review, is the Security Association nit list I
transmitted privately, sanitized as you requested  ;-)

3.1.s defines Security Hash Algorithm (SHA). 3.2 defines SHA as a Secure Hash
Algorithm. I think "Secure" is correct.

SHA-256 seems to be used normatively (tables 44 and x1), but is not defined
anywhere in SPC-4. Is its relevance to SPC-4 fully defined and/or referenced
in NIST SP 800-56A?

In table x2, definition of DS_NONCE, 2nd line, 2nd "and" should be "an".

Table x2 footnote d suggests nonces should be "at least" half the length of
the key seed, suggesting that they might be longer than that. Although it
isn't logically inconsistent, is there a reason to limit nonces to 32 bytes
while key seeds can be up to 64 bytes?

item a: I'm not sure what an "SA lifetime value..." is. At first I
thought it was an agreed timeout on an SA, but after more thought (and seeing
no other reference to timeouts), I presume it means "value that is fixed for
the lifetime of the SA..." Is that correct?

