Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96

"Dondeti, Lakshminath" <ldondeti@nortelnetworks.com> Fri, 16 July 2004 16:28 UTC

Message-ID: <40F7FC0C.3000409@nortelnetworks.com>
Date: Fri, 16 Jul 2004 12:02:20 -0400
From: "Dondeti, Lakshminath" <ldondeti@nortelnetworks.com>
To: Kevin Li <kli@cisco.com>
Subject: Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96
References: <40F7184E.1050805@cisco.com>
In-Reply-To: <40F7184E.1050805@cisco.com>
Cc: ipsec@ietf.org

Yes, it is confusing! The reference, RFC 3664, names it
AES-XCBC-PRF-128; it is a PRF, not an integrity algorithm. Perhaps it
belongs in the PRF list corresponding to Transform Type 2.

Perhaps AES-XCBC-MAC-96 defined in RFC 3566 might be 
"AUTH_AES_XCBC_MAC_96" and is the correct #5 in Transform Type 3.

http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-05.txt 
seems to have it right!

regards,
Lakshminath

Kevin Li wrote:

> Hi,
>
> The latest draft (IKEv2-14) changed the AUTH_AES_XCBC_96 to
> AUTH_AES_PRF_128.
>
> Since AUTH_AES_XCBC_96 is gone in IKEv2, how are we going to negotiate
> AUTH_AES_XCBC_96 which ipsec might request for?
>
> Is there a new number for AUTH_AES_XCBC_96?
>
> Thanks.
>
> Kevin
> Cisco Systems
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>

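The point raised in this thread, that a Transform ID only has meaning inside its Transform Type (2 = PRF, 3 = integrity), as an added example that is not part of the original messages. The names and numbers in the table are an assumption taken from the IKEv2 registry as later published (RFC 4306 / IANA), not from the drafts discussed here; the helper names and the sample bytes are constructed.

```python
import struct

# Transform Type -> (label, {Transform ID -> name}). IDs are scoped per type.
# Assumption: values as in RFC 4306 / the IANA IKEv2 registry (partial table).
REGISTRY = {
    2: ("PRF", {1: "PRF_HMAC_MD5", 2: "PRF_HMAC_SHA1", 4: "PRF_AES128_XCBC"}),
    3: ("INTEG", {1: "AUTH_HMAC_MD5_96", 2: "AUTH_HMAC_SHA1_96",
                  5: "AUTH_AES_XCBC_96"}),
}

def parse_transforms(buf):
    """Decode a run of IKEv2 Transform substructures into (label, name) pairs."""
    out, off = [], 0
    while True:
        if len(buf) - off < 8:
            raise ValueError("truncated transform header")
        # last/more, reserved, length, transform type, reserved, transform ID
        last, _, length, ttype, _, tid = struct.unpack_from("!BBHBBH", buf, off)
        if last not in (0, 3):
            raise ValueError("bad last/more marker")
        if length < 8 or off + length > len(buf):
            raise ValueError("bad transform length")
        if ttype not in REGISTRY:
            raise ValueError(f"transform type {ttype} not in this table")
        label, ids = REGISTRY[ttype]
        # Resolve the ID in the namespace of ITS type, never a shared one.
        out.append((label, ids.get(tid, f"id {tid} not in this table")))
        off += length
        if last == 0:
            if off != len(buf):
                raise ValueError("trailing bytes after last transform")
            return out

def build_transform(ttype, tid, is_last=False):
    """Constructed helper: one attribute-less 8-byte Transform substructure."""
    return struct.pack("!BBHBBH", 0 if is_last else 3, 0, 8, ttype, 0, tid)

# Constructed sample: the same numeric ID (2) appears under both types.
SAMPLE = (build_transform(2, 4) + build_transform(3, 5) +
          build_transform(2, 2) + build_transform(3, 2, is_last=True))

if __name__ == "__main__":
    for label, name in parse_transforms(SAMPLE):
        print(label, name)
```
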