
How will we specify AES key lengths?



At 11:27 AM +0200 5/18/03, Yoav Nir wrote:
>Sorry I didn't ask about this earlier.  With some vendors already offering
>AES with larger keys (192- and 256-bit), why aren't there numbers assigned
>for these transforms (section 2.1)?

Thank you for highlighting a problem that the WG doesn't seem to have 
noticed before now. The WG needs to decide how to specify the key 
length for AES. We now have WG documents that do this in two 
different ways: with the Key Length attribute in IKEv1 and IKEv2, or 
with a different identifier for each of the three key lengths.

draft-ietf-ipsec-ciph-aes-cbc-05.txt for AES in CBC mode says:

    5.3 Key Length Attribute

    Since the AES allows variable key lengths, the Key Length attribute
    MUST be specified in both a Phase 1 exchange [IKE] and a Phase 2
    exchange [DOI].

draft-ietf-ipsec-ciph-aes-ctr-03.txt for AES in CTR mode says:

    9. IANA Considerations

    IANA has assigned three ESP transform numbers for use with AES-CTR
    with an explicit IV, one for each AES key size:

       <TBD1> for AES-CTR with a 128 bit key;
       <TBD2> for AES-CTR with a 192 bit key; and
       <TBD3> for AES-CTR with a 256 bit key.

I propose that the WG standardize on one method. Given that there are 
a fair number of deployed implementations of 
draft-ietf-ipsec-ciph-aes-cbc but few or none of 
draft-ietf-ipsec-ciph-aes-ctr, it seems like 
draft-ietf-ipsec-ciph-aes-ctr should be changed to use the method 
that has already been deployed.

Thoughts?

--Paul Hoffman, Director
--VPN Consortium
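The two encodings the message contrasts, written out as an added example that is not part of the original thread or of either draft. It assumes the IKEv2 Transform substructure layout and the values later codified in RFC 7296 (Transform Type 1 = ENCR, Key Length attribute type 14 in TV form, ENCR_AES_CBC = 12, ENCR_AES_CTR = 13); the per-key-size IDs 0xFFF1..0xFFF3 are hypothetical stand-ins for the draft's <TBD1>..<TBD3>, not assigned numbers. The point it demonstrates is the check a receiver needs under each scheme: with the attribute method, an AES transform lacking a Key Length attribute, or carrying a non-AES length, must be rejected; with the per-ID method the length is implied by the ID and an attribute can only agree or contradict it.

```python
"""
Two ways to convey an AES key size in an IKEv2 Transform substructure
(layout and IANA values as in RFC 7296 sections 3.3.2 and 3.3.5):
one Transform ID plus a Key Length attribute, or one Transform ID per size.
"""
import struct

# Transform Type 1 = Encryption Algorithm (ENCR).
TRANSFORM_TYPE_ENCR = 1
# IANA Transform Type 1 identifiers for AES-CBC and AES-CTR.
ENCR_AES_CBC = 12
ENCR_AES_CTR = 13
# Transform attribute type 14 = Key Length, carried in TV (two-byte value) form.
ATTR_KEY_LENGTH = 14
AF_TV = 0x8000            # Attribute Format bit: 1 = TV, 0 = TLV
AES_KEY_LENGTHS = (128, 192, 256)

# Hypothetical placeholders for the per-key-size scheme; these stand in for the
# <TBD1>..<TBD3> of draft-ietf-ipsec-ciph-aes-ctr and are NOT IANA-assigned.
ENCR_AES_CTR_PER_SIZE = {0xFFF1: 128, 0xFFF2: 192, 0xFFF3: 256}


def encode_transform(transform_id, key_len=None, last=True):
    """Build one ENCR Transform substructure, optionally with a Key Length TV attribute."""
    attrs = b""
    if key_len is not None:
        attrs = struct.pack("!HH", AF_TV | ATTR_KEY_LENGTH, key_len)
    length = 8 + len(attrs)
    # 0 = last substructure, 3 = more follow; then RESERVED, Length, Type, RESERVED, ID
    header = struct.pack("!BBHBBH", 0 if last else 3, 0, length,
                         TRANSFORM_TYPE_ENCR, 0, transform_id)
    return header + attrs


def parse_transform(buf):
    """Parse one Transform substructure: (type, id, {attr_type: value}, bytes consumed)."""
    if len(buf) < 8:
        raise ValueError("short transform")
    _last, _, length, ttype, _, tid = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("bad transform length")
    attrs = {}
    off = 8
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated attribute")
        af_type, val_or_len = struct.unpack("!HH", buf[off:off + 4])
        atype = af_type & 0x7FFF
        if af_type & AF_TV:
            attrs[atype] = val_or_len          # TV: the 16-bit field is the value
            off += 4
        else:
            # TLV: the 16-bit field is the attribute length, counting the 4-byte header
            if val_or_len < 4 or off + val_or_len > length:
                raise ValueError("bad TLV attribute length")
            attrs[atype] = buf[off + 4:off + val_or_len]
            off += val_or_len
    return ttype, tid, attrs, length


def aes_key_length(ttype, tid, attrs):
    """Resolve the AES key length under either scheme; raise ValueError on a bad proposal."""
    if ttype != TRANSFORM_TYPE_ENCR:
        raise ValueError("not an ENCR transform")
    if tid in (ENCR_AES_CBC, ENCR_AES_CTR):
        # Attribute scheme: Key Length is mandatory and must name a real AES size.
        if ATTR_KEY_LENGTH not in attrs:
            raise ValueError("AES transform without Key Length attribute")
        kl = attrs[ATTR_KEY_LENGTH]
        if kl not in AES_KEY_LENGTHS:
            raise ValueError("invalid AES key length %r" % (kl,))
        return kl
    if tid in ENCR_AES_CTR_PER_SIZE:
        # Per-ID scheme: the size is implied; an attribute may only agree with it.
        kl = ENCR_AES_CTR_PER_SIZE[tid]
        if attrs.get(ATTR_KEY_LENGTH, kl) != kl:
            raise ValueError("Key Length attribute contradicts transform ID")
        return kl
    raise ValueError("unknown transform ID %d" % tid)


def negotiate(buf):
    """Parse one transform and return (transform_id, key_length_bits)."""
    ttype, tid, attrs, _ = parse_transform(buf)
    return tid, aes_key_length(ttype, tid, attrs)


def is_valid_aes_transform(buf):
    """True if the transform parses and yields a usable AES key length."""
    try:
        negotiate(buf)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(negotiate(encode_transform(ENCR_AES_CBC, 256)))   # attribute scheme
    print(negotiate(encode_transform(0xFFF2)))              # per-ID scheme
    print(is_valid_aes_transform(encode_transform(ENCR_AES_CBC)))  # missing attribute
```

Note that the attribute scheme keeps a single registry entry per algorithm and pushes the validation onto the receiver (an absent or non-AES Key Length must be rejected), while the per-ID scheme moves the same information into the registry and turns a mismatched attribute into a contradiction to detect.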