RE: Question with Using AES CCM Mode With IPsec ESP
Jimmy Hsieh (謝侑村) <Jimmy.Hsieh@rdc.com.tw> Wed, 24 March 2004 06:11 UTC
Received: from lists.tislabs.com (portal.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA29366 for <ipsec-archive@lists.ietf.org>; Wed, 24 Mar 2004 01:11:43 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id WAA22424 Tue, 23 Mar 2004 22:50:52 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
Subject: RE: Question with Using AES CCM Mode With IPsec ESP
Date: Wed, 24 Mar 2004 12:05:13 +0800
Message-ID: <FD9E7CA62511214EBE6EB498E590A5CA6A5A64@rdc1.rdc>
Thread-Topic: Question with Using AES CCM Mode With IPsec ESP
thread-index: AcQQ7GX7qfPBHY8CRle3z8yhijE2AgAaFijA
From: "Jimmy Hsieh (謝侑村)" <Jimmy.Hsieh@rdc.com.tw>
To: Russ Housley <housley@vigilsec.com>
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Content-Transfer-Encoding: 7bit
Thanks a lot. Jimmy Hsieh -----Original Message----- From: Russ Housley [mailto:housley@vigilsec.com] Sent: Tuesday, March 23, 2004 11:32 PM To: Jimmy Hsieh Cc: ipsec@lists.tislabs.com Subject: Re: Question with Using AES CCM Mode With IPsec ESP Jimmy: I do not find any problems between the CCM cipher specification and the latest ESP draft. By the way, the CCM specification is in the RFC Editor's queue. 1. Only the low order bits are transmitted. The AAD is constructed by the sender and the receiver from other information. A combined mode specification could specify that the high order bits are transmitted and that would still be consistent with the ESP specification, but the CCM cipher specification does not do so. 2. The CCM cipher specification defines the structure for the AAD. With regard to combined mode algorithms, the ESP draft says: The Sequence Number (or Extended Sequence Number, as appropriate) and the SPI are inputs to the algorithm, as they must be included in the integrity check computation. The means by which these values are included in this computation are a function of the combined mode algorithm employed and thus not specified in this standard. Again, I see no problem. Russ At 02:02 PM 3/8/2004 +0800, =?big5?B?SmltbXkgSHNpZWggKMHCqN2n+Ck=?= wrote: >Hi Mr. Housley: > After reading "Using AES CCM Mode With IPsec ESP ><draft-ietf-ipsec-ciph-aes-ccm-05.txt>," I have two questions about >constructing AAD. > 1. Is the "64-bit Extended Sequence Number" transmitted? Or > only "Low > 32-bit of Extended Sequence Number" is transmitted. > 2. In "IP Encapsulating Security Payload (ESP) > <draft-ietf-ipsec-esp-v3-08.txt>," it is mentioned that > the high 32-bit of > Extended Sequence Number is placed after the "Next > Header" field. The > Location for high 32-bit of Extended Sequence Number is > differently > defined in <draft-ietf-ipsec-esp-v3-08.txt> and > <draft-ietf-ipsec-ciph-aes-ccm-05.txt>. Could you comment > on this? > >Thank you very much. > >Jimmy Hsieh
- Question with Using AES CCM Mode With IPsec ESP Jimmy Hsieh (謝侑村)
- Re: Question with Using AES CCM Mode With IPsec E… Russ Housley
- RE: Question with Using AES CCM Mode With IPsec E… Jimmy Hsieh (謝侑村)