Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+

[Uri Blumenthal <uri@bell-labs.com>]

I'd volunteer, since I've been working on the thing (on and off)
for a while now. But as the discussion demonstrated, it's not as
simple - if you want to use that PRF in IKEv2.


Theodore Ts'o wrote:
> On Wed, Jun 04, 2003 at 12:47:57PM -0400, David Blaker wrote:
> 
>>Although I have seen discussions of using AES for a PRF function on 
>>the IPSec mailing list, I am unaware of a formal definition that is 
>>documented in a draft. draft-ietf-ipsec-ciph-aes-cbs-05.txt makes no 
>>mention of a prf function, as far as I can tell. If PRF_AES128_CBC
>>is to be either a SHOULD or a SHOULD+, then someone first needs to
>>define it somewhere. Would one of the proposers of this algorithm please
>>provide a draft?
> 
> 
> Good catch.  It appears that ikev2-algorithms-01 is in error:
> PRF_AES128_CBC is not defined in draft-ietf-ipsec-aes-cbc-05, and I
> don't see any drafts where it is defined.  So we need to modify
> ikev2-algorithms to point at a (currently non-existent) I-D, and we
> need to find a volunteer to quickly gin up an I-D which defines
> PRF_AES128_CBC.
> 
> Barbara and I believe that this shouldn't hold up the IETF last call
> for draft-ietf-ipsec-algorithms, since writing up this PRF AES I-D
> should be something that can be done quickly, however, with the
> dangling reference the algorithms document will stall when it hits the
> RFC editor, so we will need to plug this reference quickly.