Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD to SHOULD+

["Theodore Ts'o" <tytso@mit.edu>]

On Wed, Jun 04, 2003 at 12:47:57PM -0400, David Blaker wrote:
> Although I have seen discussions of using AES for a PRF function on 
> the IPSec mailing list, I am unaware of a formal definition that is 
> documented in a draft. draft-ietf-ipsec-ciph-aes-cbs-05.txt makes no 
> mention of a prf function, as far as I can tell. If PRF_AES128_CBC
> is to be either a SHOULD or a SHOULD+, then someone first needs to
> define it somewhere. Would one of the proposers of this algorithm please
> provide a draft?

Good catch.  It appears that ikev2-algorithms-01 is in error:
PRF_AES128_CBC is not defined in draft-ietf-ipsec-aes-cbc-05, and I
don't see any drafts where it is defined.  So we need to modify
ikev2-algorithms to point at a (currently non-existent) I-D, and we
need to find a volunteer to quickly gin up an I-D which defines
PRF_AES128_CBC.

Barbara and I believe that this shouldn't hold up the IETF last call
for draft-ietf-ipsec-algorithms, since writing up this PRF AES I-D
should be something that can be done quickly, however, with the
dangling reference the algorithms document will stall when it hits the
RFC editor, so we will need to plug this reference quickly.

					- Ted