IETF Logo Mail Archive

Re: [Ipsec] RE: MUST implement AES-CBC for IPsec ESP

"Vishwas Manral" <vishwas.ietf@gmail.com> Fri, 26 January 2007 20:43 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HAXui-0005fD-5m; Fri, 26 Jan 2007 15:43:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H99zI-0001iO-R4 for ietf@ietf.org; Mon, 22 Jan 2007 19:58:12 -0500
Received: from nf-out-0910.google.com ([64.233.182.190]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H99zH-0005kw-G3 for ietf@ietf.org; Mon, 22 Jan 2007 19:58:12 -0500
Received: by nf-out-0910.google.com with SMTP id l36so69857nfa for <ietf@ietf.org>; Mon, 22 Jan 2007 16:58:10 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=P5UaNUfaNiJTopfIGcpsTkkzvIWWqK5wRBCdvfarCy1yr8QYVnhYUQr5fTIwcYdU35ej5czKPsAtfbdKd2RFKAPEMstUzwen0w2AFXoghGrRtUOID/Ea6XXMzle0WZ2jGOTVmOHmZfoi55aDfS4GT3rPHk56uDH+TjzGgtiNv3M=
Received: by 10.48.204.7 with SMTP id b7mr235805nfg.1169513890464; Mon, 22 Jan 2007 16:58:10 -0800 (PST)
Received: by 10.48.221.18 with HTTP; Mon, 22 Jan 2007 16:58:10 -0800 (PST)
Message-ID: <77ead0ec0701221658h373b8868n525d25da3901948d@mail.gmail.com>
Date: Mon, 22 Jan 2007 16:58:10 -0800
From: Vishwas Manral <vishwas.ietf@gmail.com>
To: Russ Housley <housley@vigilsec.com>
In-Reply-To: <7.0.0.16.2.20070122174348.040caac8@vigilsec.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <45B28AFE.6090204@qualcomm.com> <457D36D9D89B5B47BC06DA869B1C815D030B2257@exrad3.ad.rad.co.il> <7.0.0.16.2.20070122174348.040caac8@vigilsec.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
X-Mailman-Approved-At: Fri, 26 Jan 2007 15:43:03 -0500
Cc: ipsec@ietf.org, saag@mit.edu, ietf@ietf.org
Subject: Re: [Ipsec] RE: MUST implement AES-CBC for IPsec ESP
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org

Hi Yaakov,

The following new text has been added to the draft.
http://www.ietf.org/internet-drafts/draft-manral-ipsec-rfc4305-bis-errata-03.txt

Although there are no suggested or required combined algorithms at
this time,   AES-CCM [RFC4309] and AES-GCM [RFC4106] are of interest.
AES-CCM has been adopted as the preferred mode in IEEE 802.11
[802.11i], and AES-   GCM has been adopted as the preferred mode in
IEEE 802.1ae [802.1ae].

Actually till version02 of the draft, I had a todo list(Appendix A.)
which contained updating the status of new algorithms as one of the
points in the agenda. However as I got no feedback on the same from
the list, I did not go ahead and add any nenw algorithm status.

Thanks,
Vishwas

On 1/22/07, Russ Housley <housley@vigilsec.com> wrote:
> Yaakov:
>
> >Strangely missing is AES/GCM [RFC4106].
> >
> >SHOULDn't this be a SHOULD ?
>
> None of the MUST/SHOULD algorithms are authenticated-encryption
> algorithms.  This has not been proposed in the past, and it is very
> late in the processing of this document to propose it now.
>
> I'm pleased to entertain adding it the next time this document is updated.
>
> Russ
>
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email