Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD to SHOULD+
"Theodore Ts'o" <tytso@mit.edu> Fri, 06 June 2003 21:37 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA14380 for <ipsec-archive@lists.ietf.org>; Fri, 6 Jun 2003 17:37:25 -0400 (EDT)
Received: by lists.tislabs.com (8.9.1/8.9.1) id PAA16341 Fri, 6 Jun 2003 15:46:15 -0400 (EDT)
Date: Fri, 06 Jun 2003 15:52:03 -0400
From: Theodore Ts'o <tytso@mit.edu>
To: David Blaker <DBlaker@NetOctave.com>
Cc: ipsec@lists.tislabs.com
Subject: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD to SHOULD+
Message-ID: <20030606195203.GB4070@think>
References: <49B96FCC784BC54F9675A6B558C3464ED7C15F@mail.netoctave.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <49B96FCC784BC54F9675A6B558C3464ED7C15F@mail.netoctave.com>
User-Agent: Mutt/1.5.4i
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
On Wed, Jun 04, 2003 at 12:47:57PM -0400, David Blaker wrote: > Although I have seen discussions of using AES for a PRF function on > the IPSec mailing list, I am unaware of a formal definition that is > documented in a draft. draft-ietf-ipsec-ciph-aes-cbs-05.txt makes no > mention of a prf function, as far as I can tell. If PRF_AES128_CBC > is to be either a SHOULD or a SHOULD+, then someone first needs to > define it somewhere. Would one of the proposers of this algorithm please > provide a draft? Good catch. It appears that ikev2-algorithms-01 is in error: PRF_AES128_CBC is not defined in draft-ietf-ipsec-aes-cbc-05, and I don't see any drafts where it is defined. So we need to modify ikev2-algorithms to point at a (currently non-existent) I-D, and we need to find a volunteer to quickly gin up an I-D which defines PRF_AES128_CBC. Barbara and I believe that this shouldn't hold up the IETF last call for draft-ietf-ipsec-algorithms, since writing up this PRF AES I-D should be something that can be done quickly, however, with the dangling reference the algorithms document will stall when it hits the RFC editor, so we will need to plug this reference quickly. - Ted
- Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 fro… Paul Hoffman / VPNC
- RE: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… David Blaker
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Theodore Ts'o
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Hugo Krawczyk
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Uri Blumenthal
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Hugo Krawczyk
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Hugo Krawczyk
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Hugo Krawczyk
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Uri Blumenthal
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Uri Blumenthal
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96… Paul Hoffman / VPNC