[Ipsec] Comments to draft-songlee-aes-cmac-prf-128-01.txt
Tero Kivinen <kivinen@iki.fi> Fri, 16 December 2005 13:16 UTC
From: Tero Kivinen <kivinen@iki.fi>
To: ipsec@ietf.org, songlee@u.washington.edu, jicheol.lee@samsung.com, radha@ee.washington.edu, housley@vigilsec.com
The draft uses truncation to truncate the key if it is longer than 128 bits. This is not very well suited for the IKEv2 use. The PRF is used in IKEv2 with key (Ni | Nr), where the length of Ni and Nr is between 16 and 256 octets. This means that the keying material when calculating SKEYSEED of the IKE_SA (2.14) is always only Ni and the responder nonce does not affect the value of the SKEYSEED at all. It would be better to use a similar method to the one draft-hoffman-rfc3664bis-05.txt uses, i.e.:

----------------------------------------------------------------------
   o  If the key is 129 bits or longer, shorten it to exactly 128 bits
      by performing the steps in AES-XCBC-PRF-128 (that is, the
      algorithm described in this document). In that re-application of
      this algorithm, the key is 128 zero bits; the message is the
      too-long current key.
----------------------------------------------------------------------

Also the IANA consideration section needs to have a bit more text. I.e. something like:

6. IANA Consideration

   IANA should allocate a value for IKEv2 Transform Type 2
   (Pseudo-random Function (PRF)) to the PRF_AES128_CMAC algorithm when
   this document is published.

--
kivinen@safenet-inc.com