[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+

On Mon, 9 Jun 2003, Uri Blumenthal wrote:

> Hugo Krawczyk wrote:
> >>I'd volunteer, since I've been working on the thing (on and off)
> >>for a while now. But as the discussion demonstrated, it's not as
> >>simple - if you want to use that PRF in IKEv2.
> > 
> > I see no need for further I-D's. As I said in a recent message all is
> > needed is a pointer to the AES-XCBC-MAC draft for the definition of what
> > ikev2 calls PRF_AES128_CBC. All other issues regarding the use of prf are
> > taken care by the ikev2 draft itself.
> Respectfully disagree.

care to explain?

>  > In particular, the draft completely
> > specifies the use of prf's whether with variable length key (such as
> > HMAC-SHA) or fixed length key (such as aes128-cbc).
> Except for how to construct a pure AES-based PRF.

what do you mean by "pure AES-based PRF"? Isnt AES-XCBC a pure AES-based