[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of AES as prf in IKEv2

To: Hugo Krawczyk <hugo@ee.technion.ac.il>
Subject: Re: Use of AES as prf in IKEv2
From: Charlie_Kaufman@notesdev.ibm.com
Date: Tue, 18 Mar 2003 19:20:07 -0500
Cc: ipsec@lists.tislabs.com
In-Reply-To: <Pine.GSO.4.21.0303180339110.11768-100000@ee.technion.ac.il>
Sender: owner-ipsec@lists.tislabs.com





Having seen the alternatives, I withdraw my earlier objection to Hugo's
proposal for dealing with prf functions with fixed length keys. His
recommendation was that if the prf takes a fixed length key, we take the
first bits of the initiator's nonce as the first half and the first bits of
the responder's nonce as the second half. Not part of his suggestion, but
to make the proposal fully specified in all cases, I'd add that if either
nonce is shorter than half the fixed length key that it be padded with zero
bits.

Does anyone object?

          --Charlie

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

Follow-Ups:
- Re: Use of AES as prf in IKEv2
  - From: Uri Blumenthal <uri@bell-labs.com>
- Re: Use of AES as prf in IKEv2
  - From: Hugo Krawczyk <hugo@ee.technion.ac.il>

References:
- Re: Use of AES as prf in IKEv2
  - From: Hugo Krawczyk <hugo@ee.technion.ac.il>

Prev by Date: Re: "Me Tarzan, You Jane" in IKEv2-05
Next by Date: Re: draft-ietf-ipsec-ikev2-05.txt comments
Prev by thread: Re: Use of AES as prf in IKEv2
Next by thread: Re: Use of AES as prf in IKEv2
Index(es):
- Date
- Thread