[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AES, AES-MAC




Hello,

I need some clarification on the current status of
the new AES algorithm in the context of the IPsec
standards. Am I correct in assuming the following:

- There are IANA numbers for the use of AES
  both in IPsec and IKE
- There is a draft on the use of AES (including
  losing candidates) in IPsec.

Implementing these is quite straightforward
and lots folks have implementations, including
us. But what is unclear to me is the following:

- Is there a need for 'use of AES in IKE'
  document?

- What is the standards process: when do
  these algorithms find their way to RFCs,
  or is it enough with the IANA reservations
  and the NIST standards? In particular, when
  can other groups and vendors refer to the
  use of AES within IPsec in some way other
  than through working documents?

- I believe it is possible to use AES as
  a MAC algorithm a la DES-MAC. Has this
  been specified by NIST? Has it been specified
  by IETF how to use it in the context of IPsec?

- I seem to remember talk about SHA-256/384/512.
  What are these and have their use been
  specified for IPsec? What is their relationship
  to AES-MAC?

Thanks,

Jari


Follow-Ups: