[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+

To: Uri Blumenthal <uri@bell-labs.com>
Subject: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
From: Hugo Krawczyk <hugo@ee.technion.ac.il>
Date: Tue, 10 Jun 2003 02:20:33 +0300 (IDT)
cc: IPsec WG <ipsec@lists.tislabs.com>
In-Reply-To: <3EE5100E.3020608@bell-labs.com>
Sender: owner-ipsec@lists.tislabs.com



On Mon, 9 Jun 2003, Uri Blumenthal wrote:

> Hugo Krawczyk wrote:
> >>I'd volunteer, since I've been working on the thing (on and off)
> >>for a while now. But as the discussion demonstrated, it's not as
> >>simple - if you want to use that PRF in IKEv2.
> > 
> > I see no need for further I-D's. As I said in a recent message all is
> > needed is a pointer to the AES-XCBC-MAC draft for the definition of what
> > ikev2 calls PRF_AES128_CBC. All other issues regarding the use of prf are
> > taken care by the ikev2 draft itself.
> 
> Respectfully disagree.

care to explain?

> 
>  > In particular, the draft completely
> > specifies the use of prf's whether with variable length key (such as
> > HMAC-SHA) or fixed length key (such as aes128-cbc).
> 
> Except for how to construct a pure AES-based PRF.

what do you mean by "pure AES-based PRF"? Isnt AES-XCBC a pure AES-based
prf?

Hugo

Follow-Ups:
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
  - From: Uri Blumenthal <uri@bell-labs.com>

References:
- Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
  - From: Uri Blumenthal <uri@bell-labs.com>

Prev by Date: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
Next by Date: Identity protection [Re: Working Group Last Call IKEv2]
Prev by thread: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
Next by thread: Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+
Index(es):
- Date
- Thread