Re: Question with Using AES CCM Mode With IPsec ESP
Russ Housley <housley@vigilsec.com> Tue, 23 March 2004 17:19 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA13260 for <ipsec-archive@lists.ietf.org>; Tue, 23 Mar 2004 12:19:59 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id KAA10344 Tue, 23 Mar 2004 10:23:53 -0500 (EST)
Message-Id: <5.2.0.9.2.20040323102041.03d5bf08@mail.binhost.com>
X-Sender: housley@mail.binhost.com
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Tue, 23 Mar 2004 10:31:45 -0500
To: Jimmy.Hsieh@rdc.com.tw
From: Russ Housley <housley@vigilsec.com>
Subject: Re: Question with Using AES CCM Mode With IPsec ESP
Cc: ipsec@lists.tislabs.com
In-Reply-To: <FD9E7CA62511214EBE6EB498E590A5CA65E2B9@rdc1.rdc>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Jimmy: I do not find any problems between the CCM cipher specification and the latest ESP draft. By the way, the CCM specification is in the RFC Editor's queue. 1. Only the low order bits are transmitted. The AAD is constructed by the sender and the receiver from other information. A combined mode specification could specify that the high order bits are transmitted and that would still be consistent with the ESP specification, but the CCM cipher specification does not do so. 2. The CCM cipher specification defines the structure for the AAD. With regard to combined mode algorithms, the ESP draft says: The Sequence Number (or Extended Sequence Number, as appropriate) and the SPI are inputs to the algorithm, as they must be included in the integrity check computation. The means by which these values are included in this computation are a function of the combined mode algorithm employed and thus not specified in this standard. Again, I see no problem. Russ At 02:02 PM 3/8/2004 +0800, =?big5?B?SmltbXkgSHNpZWggKMHCqN2n+Ck=?= wrote: >Hi Mr. Housley: > After reading "Using AES CCM Mode With IPsec ESP ><draft-ietf-ipsec-ciph-aes-ccm-05.txt>," I have two questions about >constructing AAD. > 1. Is the "64-bit Extended Sequence Number" transmitted? Or > only "Low > 32-bit of Extended Sequence Number" is transmitted. > 2. In "IP Encapsulating Security Payload (ESP) > <draft-ietf-ipsec-esp-v3-08.txt>," it is mentioned that > the high 32-bit of > Extended Sequence Number is placed after the "Next > Header" field. The > Location for high 32-bit of Extended Sequence Number is > differently > defined in <draft-ietf-ipsec-esp-v3-08.txt> and > <draft-ietf-ipsec-ciph-aes-ccm-05.txt>. Could you comment > on this? > >Thank you very much. > >Jimmy Hsieh
- Question with Using AES CCM Mode With IPsec ESP Jimmy Hsieh (謝侑村)
- Re: Question with Using AES CCM Mode With IPsec E… Russ Housley
- RE: Question with Using AES CCM Mode With IPsec E… Jimmy Hsieh (謝侑村)