Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

Sean Shen <sean.s.shen@gmail.com> Fri, 23 October 2009 11:12 UTC


Section 2.2 says that "AES MUST use different rounds for each of the key
sizes: ...".
The draft is not trying to say that IKEv2 requires 10/12/14 rounds for
128/192/256 key lengths. The draft is not trying to say that AES-CTR
requires 10/12/14 rounds for 128/192/256 key lengths.

Sean


2009/10/22 Paul Koning <Paul_Koning@dell.com>

>  AES is an algorithm with one parameter: the key length.  Based on that
> parameter various things change inside the algorithm.  It so happens that
> AES has rounds, and the number of rounds is a function of the key length.
> But as Tero says, that’s irrelevant to users of AES.  Any mention of rounds
> and other internal stuff belongs in exactly one place, the AES
> specification.  It does NOT belong in any specs that are merely users of AES
> – such as the AES-CTR spec.  It isn’t a characteristic of aes-ctr.
>
>
>
> Are you saying that people were arguing otherwise, that rounds need to be
> mentioned in the aes-ctr spec?  I strongly disagree; I can’t imagine any
> reason why that would be a good idea.
>
>
>
>                 paul
>
>
>
> *From:* ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] *On Behalf
> Of *Shen Sean
> *Sent:* Wednesday, October 21, 2009 9:23 PM
> *To:* Tero Kivinen
> *Cc:* ipsec@ietf.org; Alfred Hönes;
> draft-ietf-ipsecme-aes-ctr-ikev2@tools.ietf.org
> *Subject:* Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
>
> …
>
>  [Sean] I have no doubt that most users or vendors won't bother to choose
> or change what's already in crypto lib. But, a standard related document is
> responsible to clearly state what is necessary for a product, in this case,
> the basic characteristics of AES-CTR, even though some of these seem
> obvious. I remember the very early version of this document does not include
> rounds stuff, but eventually we added it based on reviewers' comments and
> requests.