Re: AES, AES-MAC

[Stephen Kent <kent@bbn.com>]

At 3:00 PM +0300 5/18/01, Jari Arkko wrote:
>Hello,
>
>I need some clarification on the current status of
>the new AES algorithm in the context of the IPsec
>standards. Am I correct in assuming the following:
>
>- There are IANA numbers for the use of AES
>   both in IPsec and IKE
>- There is a draft on the use of AES (including
>   losing candidates) in IPsec.
>
>Implementing these is quite straightforward
>and lots folks have implementations, including
>us. But what is unclear to me is the following:
>
>- Is there a need for 'use of AES in IKE'
>   document?

probably

>
>- What is the standards process: when do
>   these algorithms find their way to RFCs,
>   or is it enough with the IANA reservations
>   and the NIST standards? In particular, when
>   can other groups and vendors refer to the
>   use of AES within IPsec in some way other
>   than through working documents?

assignment of numbers by IANA does not make algorithms part of the 
IPsec standards. there is a desire to make AES the new default 
algorithm for ESP, and that will require a change to 2406. Also, 
there is the still open question of what modes to use with AES.

>
>- I believe it is possible to use AES as
>   a MAC algorithm a la DES-MAC. Has this
>   been specified by NIST? Has it been specified
>   by IETF how to use it in the context of IPsec?

Again, this is part of revising 2406, if you want it to be a default.

Steve

---

References:

• AES, AES-MAC
• From: Jari Arkko <Jari.Arkko@lmf.ericsson.se>

---

• Prev by Date: NAT traversal clarification?
• Next by Date: Re: NAT traversal clarification?
• Prev by thread: AES, AES-MAC
• Next by thread: Re: AES, AES-MAC
• Index(es):
  • Main
  • Thread