Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD to SHOULD+
Hugo Krawczyk <hugo@ee.technion.ac.il> Sat, 07 June 2003 01:25 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id VAA20452 for <ipsec-archive@lists.ietf.org>; Fri, 6 Jun 2003 21:25:42 -0400 (EDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id TAA17341 Fri, 6 Jun 2003 19:34:37 -0400 (EDT)
Date: Sat, 07 Jun 2003 02:40:27 +0300
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
To: Theodore Ts'o <tytso@mit.edu>
cc: David Blaker <DBlaker@NetOctave.com>, IPsec WG <ipsec@lists.tislabs.com>
Subject: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD to SHOULD+
In-Reply-To: <20030606195203.GB4070@think>
Message-ID: <Pine.GSO.4.21.0306070216050.22287-100000@ee.technion.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
> Good catch. It appears that ikev2-algorithms-01 is in error:
> PRF_AES128_CBC is not defined in draft-ietf-ipsec-aes-cbc-05, and I
> don't see any drafts where it is defined. So we need to modify
> ikev2-algorithms to point at a (currently non-existent) I-D, and we
> need to find a volunteer to quickly gin up an I-D which defines
> PRF_AES128_CBC.

That's easy: the right document to point out is draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt. The function defined there is exactly what the algorithms I-D calls PRF_AES128_CBC (maybe we should rename it to PRF_AES128_XCBC), except that draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt mandates the truncation to 96 bits, which is not necessary (nor recommended) here.

Thus one can define PRF_AES128_XCBC by referring to the above I-D and saying that no truncation takes place (all the 128 bits of output from AES128 are output by the prf). This means ignoring the text in draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt after sec 4.2.

It would be nice if draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt is reorganized a bit such as first aes-xcbc-mac is defined with output equal to the block length (does this draft refer only to aes128?). Then a section about truncation is added where aes-xcbc-mac-96 is defined. A couple of test cases for aes-xcbc-mac could be added. In this way ikev2 could cleanly refer to aes-xcbc-mac as defined in draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt.

Hugo
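The distinction the message draws, between the full block-length AES-XCBC-MAC output (usable as the IKEv2 PRF) and the 96-bit truncation that the draft mandates for ESP/AH integrity, is easy to see in code. The following Go program is an added illustration, not code from the thread or from the draft's authors. It implements AES-XCBC-MAC as specified in draft-ietf-ipsec-ciph-aes-xcbc-mac (published later as RFC 3566, which defines the construction with a 128-bit key only): three subkeys K1, K2, K3 are derived by encrypting fixed constants under K, a CBC-MAC under K1 runs over all but the last block, and the last block is XORed with K2 if it is full or padded with 0x80 and XORed with K3 if it is partial (an empty message counts as one padded block). `AESXCBCMAC` returns all 128 bits, which is the "no truncation" PRF the message proposes; `AESXCBCMAC96` keeps the leftmost 96 bits, which is AUTH_AES_XCBC_96. The function names, the `MACHex` wrapper and the `VerifyMAC96` checker are this example's own; the sample key and messages in `main` are the RFC 3566 test vectors.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

const blockSize = 16 // AES block size; also the untruncated MAC/PRF output length in bytes

// encryptBlock returns AES-128(key, in) for a single 16-byte block.
func encryptBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, blockSize)
	c.Encrypt(out, in)
	return out
}

// xorBlocks returns the byte-wise XOR of two 16-byte blocks as a new slice.
func xorBlocks(a, b []byte) []byte {
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// AESXCBCMAC computes the untruncated 128-bit AES-XCBC-MAC (RFC 3566) under a
// 128-bit key. This full-length output is the PRF variant discussed in the thread.
func AESXCBCMAC(key, msg []byte) []byte {
	if len(key) != blockSize {
		panic("AES-XCBC-MAC is defined for a 128-bit key")
	}
	// Step 1: derive the three subkeys from K using the fixed constants.
	k1 := encryptBlock(key, bytes.Repeat([]byte{0x01}, blockSize))
	k2 := encryptBlock(key, bytes.Repeat([]byte{0x02}, blockSize))
	k3 := encryptBlock(key, bytes.Repeat([]byte{0x03}, blockSize))
	c, err := aes.NewCipher(k1)
	if err != nil {
		panic(err)
	}
	// Step 2: block count; an empty message is processed as a single padded block.
	n := (len(msg) + blockSize - 1) / blockSize
	if n == 0 {
		n = 1
	}
	// Step 3: CBC-MAC under K1 over blocks 1..n-1, starting from E[0] = 0.
	e := make([]byte, blockSize)
	for i := 0; i < n-1; i++ {
		c.Encrypt(e, xorBlocks(msg[i*blockSize:(i+1)*blockSize], e))
	}
	// Step 4: last block. Full block: XOR with K2. Partial block: pad with 0x80 then
	// zeros and XOR with K3. The distinct subkeys prevent padding ambiguity.
	last := msg[(n-1)*blockSize:]
	var final []byte
	if len(last) == blockSize {
		final = xorBlocks(xorBlocks(last, e), k2)
	} else {
		padded := make([]byte, blockSize)
		copy(padded, last)
		padded[len(last)] = 0x80
		final = xorBlocks(xorBlocks(padded, e), k3)
	}
	c.Encrypt(e, final)
	return e
}

// AESXCBCMAC96 truncates to the leftmost 96 bits, as AUTH_AES_XCBC_96 does in ESP/AH.
func AESXCBCMAC96(key, msg []byte) []byte {
	return AESXCBCMAC(key, msg)[:12]
}

// VerifyMAC96 checks a received 96-bit tag in constant time.
func VerifyMAC96(key, msg, tag []byte) bool {
	return len(tag) == 12 && subtle.ConstantTimeCompare(AESXCBCMAC96(key, msg), tag) == 1
}

// MACHex is a hex-in, hex-out wrapper around the two output lengths.
func MACHex(keyHex, msgHex string, truncate bool) string {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		panic(err)
	}
	msg, err := hex.DecodeString(msgHex)
	if err != nil {
		panic(err)
	}
	if truncate {
		return hex.EncodeToString(AESXCBCMAC96(key, msg))
	}
	return hex.EncodeToString(AESXCBCMAC(key, msg))
}

func main() {
	// RFC 3566 test vector key and messages: empty, 3-byte and 20-byte inputs.
	key := "000102030405060708090a0b0c0d0e0f"
	for _, msg := range []string{"", "000102", "000102030405060708090a0b0c0d0e0f10111213"} {
		fmt.Printf("msg=%-42q prf-128=%s  mac-96=%s\n", msg, MACHex(key, msg, false), MACHex(key, msg, true))
	}
}
```

Because the 96-bit value is simply a prefix of the 128-bit one, an implementation that already has AES-XCBC-MAC-96 obtains the PRF by skipping the truncation step, which is exactly the "ignore the text after sec 4.2" reading the message proposes. The constant-time comparison in `VerifyMAC96` matters for the integrity use, not the PRF use, since a PRF output is never compared against an attacker-supplied value.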