RE: [Ipsec] IKEv2: AUTH_AES_XCBC_96
"Charlie Kaufman" <charliek@microsoft.com> Sun, 18 July 2004 07:16 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA20751 for <ipsec-archive@lists.ietf.org>; Sun, 18 Jul 2004 03:16:23 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bm5ib-0003rM-BT; Sun, 18 Jul 2004 03:04:17 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bm5Sb-0001Cr-Ce for ipsec@megatron.ietf.org; Sun, 18 Jul 2004 02:47:45 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA19417 for <ipsec@ietf.org>; Sun, 18 Jul 2004 02:47:43 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1Bm5SZ-0001th-6z for ipsec@ietf.org; Sun, 18 Jul 2004 02:47:43 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1Bm5Ri-0001gR-00 for ipsec@ietf.org; Sun, 18 Jul 2004 02:46:51 -0400
Received: from mail3.microsoft.com ([131.107.3.123]) by ietf-mx with esmtp (Exim 4.12) id 1Bm5Qu-0001EE-00 for ipsec@ietf.org; Sun, 18 Jul 2004 02:46:00 -0400
Received: from mailout1.microsoft.com ([157.54.1.117]) by mail3.microsoft.com with Microsoft SMTPSVC(6.0.3790.191); Sat, 17 Jul 2004 23:45:28 -0700
Received: from RED-MSG-51.redmond.corp.microsoft.com ([157.54.12.11]) by mailout1.microsoft.com with Microsoft SMTPSVC(6.0.3790.0); Sat, 17 Jul 2004 23:45:26 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Ipsec] IKEv2: AUTH_AES_XCBC_96
Date: Sat, 17 Jul 2004 23:45:25 -0700
Message-ID: <F5F4EC6358916448A81370AF56F211A503504382@RED-MSG-51.redmond.corp.microsoft.com>
Thread-Topic: [Ipsec] IKEv2: AUTH_AES_XCBC_96
thread-index: AcRrU5r3Fw8Toh6USPadMy+QKPHZqABPxnJg
From: Charlie Kaufman <charliek@microsoft.com>
To: Kevin Li <kli@cisco.com>, "Dondeti, Lakshminath" <ldondeti@nortelnetworks.com>
X-OriginalArrivalTime: 18 Jul 2004 06:45:26.0421 (UTC) FILETIME=[CED38450:01C46C92]
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: quoted-printable
Cc: ipsec@ietf.org
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
Content-Transfer-Encoding: quoted-printable
It is changed back in the pending draft. --Charlie -----Original Message----- From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Kevin Li Sent: Friday, July 16, 2004 9:30 AM To: Dondeti, Lakshminath Cc: ipsec@ietf.org Subject: Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96 I would agree that AUTH_AES_PRF_128 should change back to AUTH_AES_XCBC_MAC_96 for Transform Type 3 in IKEv2. But to avoid interop issue later, we would like to see that to be standardized in IKEv2. BTW, draft-ietf-ipsec-ikev2-algorithms-05.txt is using the number from older draft of IKEv2. Thanks. Kevin Dondeti, Lakshminath wrote: > Yes, it is confusing! The reference, RFC 3664 names it > AES-XCBC-PRF-128; it is a PRF, not an integrity algorithm. Perhaps it > belongs in the PRF list corresponding to Transform Type 2. > > Perhaps AES-XCBC-MAC-96 defined in RFC 3566 might be > "AUTH_AES_XCBC_MAC_96" and is the correct #5 in Transform Type 3. > > http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-05 .txt > seems to have it right! > > regards, > Lakshminath > > Kevin Li wrote: > >> Hi, >> >> The latest draft (IKEv2-14) changed the AUTH_AES_XCBC_96 to >> AUTH_AES_PRF_128. >> >> Since AUTH_AES_XCBC_96 is gone in IKEv2, how are we going to negotiate >> AUTH_AES_XCBC_96 which ipsec might request for? >> >> Is there a new number for AUTH_AES_XCBC_96? >> >> Thanks. >> >> Kevin >> Cisco Systems >> >> _______________________________________________ >> Ipsec mailing list >> Ipsec@ietf.org >> https://www1.ietf.org/mailman/listinfo/ipsec >> > > _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] IKEv2: AUTH_AES_XCBC_96 Kevin Li
- Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96 Dondeti, Lakshminath
- Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96 Kevin Li
- RE: [Ipsec] IKEv2: AUTH_AES_XCBC_96 Charlie Kaufman
- Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96 Kevin Li