Project

General

Profile

Actions

Bug #13000

open

IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"

Added by Danilo Zrenjanin almost 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
All
Affected Architecture:

Description

When choosing AES256/128-GCM, the key length is 256/128 bits long. The second field in the row labeled Key length needs to be changed or removed.

Actions #1

Updated by Jim Pingle almost 2 years ago

  • Priority changed from Normal to Low
  • Plus Target Version deleted (22.01)
  • Affected Version changed from 2.6.0 to All

It can't be removed, it's a necessary part of the algorithm selection. For AES-GCM it's the ICV (Integrity Check Value). Changing the label on that particular field for GCM when it works identically to "key length" on other ciphers is tricky so we have left it as-is.

https://datatracker.ietf.org/doc/html/rfc4106#page-5

If someone wants to come up with some JavaScript to change the field description only when the field is set to an AES-GCM algorithm, that's fine, but it's not a high priority.

Actions #2

Updated by Jim Pingle almost 2 years ago

  • Subject changed from IPsec AES256/128-GCM encryption algorithm to IPsec AES-GCM encryption algorithm "Key Length" field should be labeled "ICV Length"

Also note that the field options are not 128/256, they are 128/96/64 (plus Auto on P2).

An alternate solution could be to add "ICV Length" into the drop-down text so for example it would be "128 bit ICV length" or similar.

Actions #3

Updated by Danilo Zrenjanin almost 2 years ago

Yes, adding ICV Lenght into the drop-down will be helpful. Additionally, a note can be added to the existing help text field.

Actions

Also available in: Atom PDF