[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AES, AES-MAC
At 3:00 PM +0300 5/18/01, Jari Arkko wrote:
>Hello,
>
>I need some clarification on the current status of
>the new AES algorithm in the context of the IPsec
>standards. Am I correct in assuming the following:
>
>- There are IANA numbers for the use of AES
> both in IPsec and IKE
>- There is a draft on the use of AES (including
> losing candidates) in IPsec.
>
>Implementing these is quite straightforward
>and lots folks have implementations, including
>us. But what is unclear to me is the following:
>
>- Is there a need for 'use of AES in IKE'
> document?
probably
>
>- What is the standards process: when do
> these algorithms find their way to RFCs,
> or is it enough with the IANA reservations
> and the NIST standards? In particular, when
> can other groups and vendors refer to the
> use of AES within IPsec in some way other
> than through working documents?
assignment of numbers by IANA does not make algorithms part of the
IPsec standards. there is a desire to make AES the new default
algorithm for ESP, and that will require a change to 2406. Also,
there is the still open question of what modes to use with AES.
>
>- I believe it is possible to use AES as
> a MAC algorithm a la DES-MAC. Has this
> been specified by NIST? Has it been specified
> by IETF how to use it in the context of IPsec?
Again, this is part of revising 2406, if you want it to be a default.
Steve
References: