Re: Promoting PRF_AES128_CBC and AUTH_AES_XCBC_96 from SHOULD toSHOULD+

[Uri Blumenthal <uri@bell-labs.com>]

Hugo Krawczyk wrote:
>>I'd volunteer, since I've been working on the thing (on and off)
>>for a while now. But as the discussion demonstrated, it's not as
>>simple - if you want to use that PRF in IKEv2.
> 
> I see no need for further I-D's. As I said in a recent message all is
> needed is a pointer to the AES-XCBC-MAC draft for the definition of what
> ikev2 calls PRF_AES128_CBC. All other issues regarding the use of prf are
> taken care by the ikev2 draft itself.

Respectfully disagree.

 > In particular, the draft completely
> specifies the use of prf's whether with variable length key (such as
> HMAC-SHA) or fixed length key (such as aes128-cbc).

Except for how to construct a pure AES-based PRF.

I understand that HMAC is good, but for some application is may
be preferred to stay within one algorithm (AES).