[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AES, AES-MAC
At 08:00 AM 5/18/01, Jari Arkko
wrote:
Hello,
I need some clarification on the current status of
the new AES algorithm in the context of the IPsec
standards. Am I correct in assuming the following:
- There are IANA numbers for the use of AES
both in IPsec and IKE
correct
- There is
a draft on the use of AES (including
losing candidates) in IPsec.
also correct
Implementing
these is quite straightforward
and lots folks have implementations, including
us. But what is unclear to me is the following:
- Is there a need for 'use of AES in IKE'
document?
The AES Internet Draft does have an "IKE Interactions" section.
We would welcome comments on any material that is lacking from that
section.
- What is
the standards process: when do
these algorithms find their way to RFCs,
or is it enough with the IANA reservations
and the NIST standards? In particular, when
can other groups and vendors refer to the
use of AES within IPsec in some way other
than through working documents?
The AES Draft will be updated shortly, since it expires this month. Once
the NIST FIPS is final (planned for this summer), we hope to advance to
RFC status.
- I
believe it is possible to use AES as
a MAC algorithm a la DES-MAC. Has this
been specified by NIST? Has it been specified
by IETF how to use it in the context of IPsec?
If there is interest, this could be added to the AES Draft as well.
- I seem
to remember talk about SHA-256/384/512.
What are these and have their use been
specified for IPsec? What is their relationship
to AES-MAC?
Their use has not yet been specified for use with IPsec, but a draft is
planned.
Sheila Frankel
sheila.frankel@nist.gov
References: