[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96
Yes, it is confusing! The reference, RFC 3664 names it
AES-XCBC-PRF-128; it is a PRF, not an integrity algorithm. Perhaps it
belongs in the PRF list corresponding to Transform Type 2.
Perhaps AES-XCBC-MAC-96 defined in RFC 3566 might be
"AUTH_AES_XCBC_MAC_96" and is the correct #5 in Transform Type 3.
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-05.txt
seems to have it right!
regards,
Lakshminath
Kevin Li wrote:
> Hi,
>
> The latest draft (IKEv2-14) changed the AUTH_AES_XCBC_96 to
> AUTH_AES_PRF_128.
>
> Since AUTH_AES_XCBC_96 is gone in IKEv2, how are we going to negotiate
> AUTH_AES_XCBC_96 which ipsec might request for?
>
> Is there a new number for AUTH_AES_XCBC_96?
>
> Thanks.
>
> Kevin
> Cisco Systems
>
> _______________________________________________
> Ipsec mailing list
> Ipsec@ietf.org
> https://www1.ietf.org/mailman/listinfo/ipsec
>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec