RE: Question with Using AES CCM Mode With IPsec ESP

Jimmy Hsieh (謝侑村) <Jimmy.Hsieh@rdc.com.tw> Wed, 24 March 2004 06:11 UTC

Received: from lists.tislabs.com (portal.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29366 for <ipsec-archive@lists.ietf.org>; Wed, 24 Mar 2004 01:11:43 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id WAA22424 Tue, 23 Mar 2004 22:50:52 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
Subject: RE: Question with Using AES CCM Mode With IPsec ESP
Date: Wed, 24 Mar 2004 12:05:13 +0800
Message-ID: <FD9E7CA62511214EBE6EB498E590A5CA6A5A64@rdc1.rdc>
Thread-Topic: Question with Using AES CCM Mode With IPsec ESP
thread-index: AcQQ7GX7qfPBHY8CRle3z8yhijE2AgAaFijA
From: "Jimmy Hsieh (謝侑村)" <Jimmy.Hsieh@rdc.com.tw>
To: Russ Housley <housley@vigilsec.com>
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Content-Transfer-Encoding: 7bit

Thanks a lot.

Jimmy Hsieh


-----Original Message-----
From: Russ Housley [mailto:housley@vigilsec.com] 
Sent: Tuesday, March 23, 2004 11:32 PM
To: Jimmy Hsieh
Cc: ipsec@lists.tislabs.com
Subject: Re: Question with Using AES CCM Mode With IPsec ESP

Jimmy:

I do not find any problems between the CCM cipher specification and the 
latest ESP draft.  By the way, the CCM specification is in the RFC Editor's 
queue.

1. Only the low order bits are transmitted.  The AAD is constructed by the 
sender and the receiver from other information.  A combined mode 
specification could specify that the high order bits are transmitted and 
that would still be consistent with the ESP specification, but the CCM 
cipher specification does not do so.

2. The CCM cipher specification defines the structure for the AAD.  With 
regard to combined mode algorithms, the ESP draft says:

         The Sequence Number (or Extended Sequence Number, as
         appropriate) and the SPI are inputs to the algorithm, as
         they must be included in the integrity check computation.
         The means by which these values are included in this
         computation are a function of the combined mode algorithm
         employed and thus not specified in this standard.

Again, I see no problem.

Russ

At 02:02 PM 3/8/2004 +0800, =?big5?B?SmltbXkgSHNpZWggKMHCqN2n+Ck=?= wrote:
>Hi Mr. Housley:
>         After reading "Using AES CCM Mode With IPsec ESP
><draft-ietf-ipsec-ciph-aes-ccm-05.txt>," I have two questions about 
>constructing AAD.
>         1.      Is the "64-bit Extended Sequence Number" transmitted? Or 
> only "Low
>                 32-bit of Extended Sequence Number" is transmitted.
>         2.      In "IP Encapsulating Security Payload (ESP)
>                 <draft-ietf-ipsec-esp-v3-08.txt>," it is mentioned that 
> the high 32-bit of
>                 Extended Sequence Number is placed after the "Next 
> Header" field. The
>                 Location for high 32-bit of Extended Sequence Number is 
> differently
>                 defined in <draft-ietf-ipsec-esp-v3-08.txt> and
>                 <draft-ietf-ipsec-ciph-aes-ccm-05.txt>. Could you comment 
> on this?
>
>Thank you very much.
>
>Jimmy Hsieh