06-369r2 -- Security Association Model for SPC-4

Ralph Weber roweber at IEEE.org
Sat Aug 26 19:23:01 PDT 2006


* From the T10 Reflector (t10 at t10.org), posted by:
* Ralph Weber <roweber at ieee.org>
*
Bob,

I have addressed all of your comments except one in the
draft r3. The one comment not addressed is:

> SHA-256 seems to be used normatively (tables 44 and x1), but is not
> defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined
> and/or referenced in NIST SP 800-56A?

I believe this issue is already addressed in r2 as follows.

1) The following is proposed for addition to the NIST Normative References.

FIPS 180-2 with Change Notice 1 dated February 25, 2004, Secure Hash
Standard

2) The glossary entry for SHA clearly states that secure hash algorithms
are specified in FIPS 180-2 ...

All the best,

.Ralph

Bob.Nixon at Emulex.Com wrote:
>
> Hi, Ralph, here, for public review, is the Security Association nit 
> list I transmitted privately, sanitized as you requested  ;-) 
>
> 3.1.s defines Security Hash Algorithm (SHA). 3.2 defines SHA as a 
> Secure Hash Algorithm. I think "Secure" is correct.
>
> SHA-256 seems to be used normatively (tables 44 and x1), but is not 
> defined anywhere in SPC-4. Is its relevance to SPC-4 fully defined 
> and/or referenced in NIST SP 800-56A?
>
> In table x2, definition of DS_NONCE, 2nd line, 2nd "and" should be "an".
>
> Table x2 footnote d suggests nonces should be "at least" half the 
> length of the key seed, suggesting that they might be longer than 
> that. Although it isn't logically inconsistent, is there a reason to 
> limit nonces to 32 bytes while key seeds can be up to 64 bytes?
>
> 5.13.3.3 item a: I'm not sure what an "SA lifetime value..." is. At 
> first I thought it was an agreed timeout on an SA, but after more 
> thought (and seeing no other reference to timeouts), I presume it 
> means "value that is fixed for the lifetime of the SA..." Is that 
> correct?
>