[Ipsec] Comments to draft-songlee-aes-cmac-prf-128-01.txt

Tero Kivinen <kivinen@iki.fi> Fri, 16 December 2005 13:16 UTC

Message-ID: <17314.48685.551696.192990@fireball.acr.fi>
Date: Fri, 16 Dec 2005 15:16:29 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org, songlee@u.washington.edu, jicheol.lee@samsung.com, radha@ee.washington.edu, housley@vigilsec.com
Subject: [Ipsec] Comments to draft-songlee-aes-cmac-prf-128-01.txt
List-Id: IP Security <ipsec.ietf.org>

The draft uses truncation to truncate the key if it is longer than 128
bits. This is not very well suited for the IKEv2 use.

The PRF is used in IKEv2 with key (Ni | Nr), where the length of Ni
and Nr is between 16 and 256 octets. This means that the keying
material when calculating SKEYSEED of the IKE_SA (2.14) is always only
Ni and the responder nonce does not affect the value of the
SKEYSEED at all.

It would be better to use a similar method to the one
draft-hoffman-rfc3664bis-05.txt uses, i.e.:
----------------------------------------------------------------------
   o  If the key is 129 bits or longer, shorten it to exactly 128 bits
      by performing the steps in AES-XCBC-PRF-128 (that is, the
      algorithm described in this document).  In that re-application of
      this algorithm, the key is 128 zero bits; the message is the too-
      long current key.
----------------------------------------------------------------------

Also the IANA consideration section needs to have a bit more text.
I.e. something like:

6. IANA Consideration

   IANA should allocate a value for IKEv2 Transform Type 2
   (Pseudo-random Function (PRF)) to the PRF_AES128_CMAC algorithm
   when this document is published.
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
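The point made in the mail above, shown in code. This is an added example, not code from the draft, from draft-hoffman-rfc3664bis, or from the mail's author: it implements AES-128 and AES-CMAC (RFC 4493) in pure Python so it runs offline, then computes SKEYSEED = prf(Ni | Nr, g^ir) two ways, once with the key truncated to its first 128 bits as the mail says draft -01 does, and once with a longer key replaced by AES-CMAC(0^128, key) as the quoted rfc3664bis rule does. The nonces and the g^ir value are constructed placeholders; the mail does not say how draft -01 handles keys shorter than 128 bits, so both PRF wrappers reject such keys instead of guessing (an assumption of this example, not of either draft). The nonce lengths (16 octets, the IKEv2 minimum) are chosen so that the truncated key is exactly Ni.

```python
# Added example (not the draft's or the mail author's code): does the responder
# nonce Nr reach SKEYSEED = prf(Ni | Nr, g^ir) under each key-shortening rule?
# AES-128 and AES-CMAC are implemented inline so the block has no dependencies.

def _xtime(b):  # multiply by x in GF(2^8), AES polynomial x^8+x^4+x^3+x+1
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b

def _mul(a, b):  # GF(2^8) multiplication
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():  # inverse in GF(2^8), then the AES affine map (FIPS-197 5.1.1)
    exp, x = [0] * 255, 1
    for i in range(255):  # 0x03 generates the multiplicative group
        exp[i], x = x, _mul(x, 3)
    log = {v: i for i, v in enumerate(exp)}
    sbox = [0] * 256
    for v in range(256):
        inv = s = 0 if v == 0 else exp[(255 - log[v]) % 255]
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[v] = s ^ 0x63
    return sbox

SBOX = _build_sbox()

def _expand_key(key):  # FIPS-197 key schedule: 11 round keys of 16 bytes
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _mix_column(a):
    return [_mul(a[0], 2) ^ _mul(a[1], 3) ^ a[2] ^ a[3],
            a[0] ^ _mul(a[1], 2) ^ _mul(a[2], 3) ^ a[3],
            a[0] ^ a[1] ^ _mul(a[2], 2) ^ _mul(a[3], 3),
            _mul(a[0], 3) ^ a[1] ^ a[2] ^ _mul(a[3], 2)]

def aes128_encrypt_block(key, block):  # state kept column-major, byte i = (row i%4, col i//4)
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]   # ShiftRows
        if rnd < 10:                                         # MixColumns, not in the last round
            s = [c for col in range(4) for c in _mix_column(s[4 * col:4 * col + 4])]
        s = [b ^ k for b, k in zip(s, rk[rnd])]              # AddRoundKey
    return bytes(s)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _dbl(b):  # RFC 4493 subkey step: shift left, reduce by x^128+x^7+x^2+x+1
    n = int.from_bytes(b, "big") << 1
    if n >> 128:
        n ^= 0x87
    return (n & ((1 << 128) - 1)).to_bytes(16, "big")

def aes_cmac(key, msg):  # RFC 4493 AES-CMAC; key is exactly 16 bytes
    k1 = _dbl(aes128_encrypt_block(key, bytes(16)))
    k2 = _dbl(k1)
    n = max(1, (len(msg) + 15) // 16)
    head, tail = msg[:(n - 1) * 16], msg[(n - 1) * 16:]
    if len(tail) == 16:
        last = _xor(tail, k1)                                     # complete final block
    else:
        last = _xor(tail + b"\x80" + bytes(15 - len(tail)), k2)  # padded final block
    x = bytes(16)
    for i in range(0, len(head), 16):
        x = aes128_encrypt_block(key, _xor(x, head[i:i + 16]))
    return aes128_encrypt_block(key, _xor(x, last))

def prf_truncating(key, msg):
    # Rule the mail attributes to draft-songlee-aes-cmac-prf-128-01: a key longer
    # than 128 bits is truncated.  Short keys are rejected here (assumption of this
    # example; the mail does not describe that case).
    if len(key) < 16:
        raise ValueError("short-key rule not described in the mail")
    return aes_cmac(key[:16], msg)

def prf_cmac_shortened(key, msg):
    # Rule quoted from draft-hoffman-rfc3664bis-05, applied with AES-CMAC: a key of
    # 129 bits or more is replaced by AES-CMAC(0^128, key).  Short keys rejected as above.
    if len(key) < 16:
        raise ValueError("short-key rule not quoted in the mail")
    if len(key) > 16:
        key = aes_cmac(bytes(16), key)
    return aes_cmac(key, msg)

def skeyseed(prf, ni, nr, g_ir):  # RFC 4306 section 2.14: SKEYSEED = prf(Ni | Nr, g^ir)
    return prf(ni + nr, g_ir)

def responder_nonce_reaches_skeyseed(prf, ni, nr_a, nr_b, g_ir):
    # True when two different responder nonces yield different SKEYSEED values.
    return skeyseed(prf, ni, nr_a, g_ir) != skeyseed(prf, ni, nr_b, g_ir)

if __name__ == "__main__":
    ni, nr_a, nr_b = bytes(range(16)), b"A" * 16, b"B" * 16   # constructed 16-octet nonces
    g_ir = bytes([0x5A]) * 32                                  # constructed stand-in for g^ir
    print("truncation, Nr matters:", responder_nonce_reaches_skeyseed(prf_truncating, ni, nr_a, nr_b, g_ir))
    print("cmac-shortened, Nr matters:", responder_nonce_reaches_skeyseed(prf_cmac_shortened, ni, nr_a, nr_b, g_ir))
```

With truncation the key passed to AES-CMAC is exactly Ni whenever Ni is at least 16 octets, which IKEv2 guarantees, so `skeyseed(prf_truncating, ...)` equals `aes_cmac(ni, g_ir)` regardless of Nr; with the CMAC-based shortening every octet of Ni | Nr enters the derived key. The AES and CMAC primitives can be checked against FIPS-197 Appendix C.1 and the RFC 4493 examples before trusting the comparison.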