[Ipsec] Last Call: 'The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)' to Proposed Standard

The IESG <iesg-secretary@ietf.org> Wed, 26 October 2005 17:03 UTC


The IESG has received a request from an individual submitter to consider the
following document:

- 'The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)'
    <draft-hoffman-rfc3664bis-05.txt> as a Proposed Standard

On 1 July 2005 the IESG received a request to consider publication
of draft-hoffman-rfc3664bis-03 as a standards-track RFC. Updates
were made based on IETF Last Call comments, and the -04 version of the
document was discussed during the telechat of 1 September 2005. The
document was approved, and placed in the RFC Editor queue.  On
29 September 2005, Paul Hoffman asked the IESG to rescind approval
of the document due to an implementation issue that was discovered
at the IKEv2 bake-off. The attached note describes this situation
more completely.  Now, version -05 has addressed this concern, and
the IESG has been asked to consider publication of the updated
document as a standards-track RFC.

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send any comments to the
iesg@ietf.org or ietf@ietf.org mailing lists by 2005-11-23.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-hoffman-rfc3664bis-05.txt



--- Message Rescinding Approval of draft-hoffman-rfc3664bis-04 ---

To: IETF Announcement list <ietf-announce@ietf.org>
From: IESG <iesg@ietf.org>
Date: Wed, 12 Oct 2005 11:22:01 -0400
Cc: iana@iana.org, rfc-editor@rfc-editor.org
Subject: Rescinding Approval of draft-hoffman-rfc3664bis-04


On 1 July 2005 the IESG received a request from Paul Hoffman to
consider publication of draft-hoffman-rfc3664bis-03 as a
standards-track RFC. Updates were made based on IETF Last Call
comments, and the -04 version of the document was discussed during
the telechat of 1 September 2005. The document was approved, and
it is now in the RFC Editor queue.

On 29 September 2005, Paul Hoffman asked the IESG to rescind
approval of the document due to an implementation issue that was
discovered at the IKEv2 bake-off. A summary of the problem is:

In IKEv2 section 2.14 on generating keying material, it says:

   "If the negotiated prf takes a fixed length key and the lengths
   of Ni and Nr do not add up to that length, half the bits must
   come from Ni and half from Nr, taking the first bits of each."

In section 2.15 on authentication, it says:

   "If the negotiated prf takes a fixed size key, the shared secret
   MUST be of that fixed size."

In draft-hoffman-rfc3664bis-04 section 1.1 says:

   "This document specifies the same algorithm as RFC 3664 except
   that the restriction on keys having to be exactly 128 bits from
   [AES-XCBC-MAC] is removed. Implementations of RFC 3664 will
   have the same bits-on-the-wire results as this algorithm; the
   only difference is that keys that were not equal in length to
   128 bits will no longer be rejected, but instead will be made
   128 bits."

The problem is that changing from fixed-key-size to variable-key-size
changes the bits output from generating keying material. Because the
nonces must each be at least 128 bits (from IKEv2 section 2.10), the
lengths will never add up to the key length unless the key is 256 or
longer.

A new version of draft-hoffman-rfc3664bis has been posted that attempts
to solve the problem. This new version will be the subject of a
separate IETF Last Call and IESG action. Accordingly, the IESG agreed
to rescind approval to publish draft-hoffman-rfc3664bis-04 as a
standards-track RFC. This decision requires the following action
by the RFC Editor:

   Please remove draft-hoffman-rfc3664bis-04.txt from the RFC Editor
   queue and discontinue processing of the document.


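The mismatch summarized in the rescinding note, as an added example that is not part of the original message or of the draft: it builds the prf key input from the nonces under the fixed-key-size and the variable-key-size readings and lists the nonce lengths for which the two coincide. Function names and sample nonces are constructed for illustration; the AES-XCBC computation itself is not modelled.

```python
# Added illustration; names and sample nonces are constructed, not from the draft.
# IKEv2 section 2.14 derives SKEYSEED = prf(Ni | Nr, g^ir); only the prf KEY
# input (built from the nonces) is modelled here, not AES-XCBC itself.

MIN_NONCE = 16   # bytes: the 128-bit nonce minimum cited from IKEv2 section 2.10
XCBC_KEY = 16    # bytes: the 128-bit key of AES-XCBC-PRF-128


def key_input_fixed(ni, nr, key_len=XCBC_KEY):
    """prf treated as fixed-key-size (the RFC 3664 reading)."""
    if len(ni) + len(nr) == key_len:
        return ni + nr                     # lengths add up: use both in full
    half = key_len // 2
    return ni[:half] + nr[:half]           # first half-key of bits from each


def key_input_variable(ni, nr):
    """prf treated as variable-key-size (the -04 reading): all of Ni | Nr,
    which the prf then makes 128 bits by its own rule (not modelled)."""
    return ni + nr


def sample_nonces(ni_len, nr_len):
    """Constructed, deterministic stand-ins for random nonces."""
    return bytes(range(ni_len)), bytes(range(0x80, 0x80 + nr_len))


def agreeing_lengths(key_len, max_nonce=32):
    """Nonce length pairs for which both readings yield the same key input."""
    pairs = []
    for a in range(MIN_NONCE, max_nonce + 1):
        for b in range(MIN_NONCE, max_nonce + 1):
            ni, nr = sample_nonces(a, b)
            if key_input_fixed(ni, nr, key_len) == key_input_variable(ni, nr):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    ni, nr = sample_nonces(16, 16)
    print("fixed   :", key_input_fixed(ni, nr).hex())
    print("variable:", key_input_variable(ni, nr).hex())
    print("128-bit key, agreeing pairs:", agreeing_lengths(16))
    print("256-bit key, agreeing pairs:", agreeing_lengths(32))
```

With a 128-bit key no legal nonce pair makes the two readings agree, so a peer implementing one reading and a peer implementing the other feed different keys to the prf and derive different keying material.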