[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Ipsec] IKEv2: AUTH_AES_XCBC_96
It is changed back in the pending draft.
--Charlie
-----Original Message-----
From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
Of Kevin Li
Sent: Friday, July 16, 2004 9:30 AM
To: Dondeti, Lakshminath
Cc: ipsec@ietf.org
Subject: Re: [Ipsec] IKEv2: AUTH_AES_XCBC_96
I would agree that AUTH_AES_PRF_128 should change back to
AUTH_AES_XCBC_MAC_96 for Transform Type 3 in IKEv2. But to avoid interop
issue later, we would like to see that to be standardized in IKEv2.
BTW, draft-ietf-ipsec-ikev2-algorithms-05.txt is using the number from
older draft of IKEv2.
Thanks.
Kevin
Dondeti, Lakshminath wrote:
> Yes, it is confusing! The reference, RFC 3664 names it
> AES-XCBC-PRF-128; it is a PRF, not an integrity algorithm. Perhaps it
> belongs in the PRF list corresponding to Transform Type 2.
>
> Perhaps AES-XCBC-MAC-96 defined in RFC 3566 might be
> "AUTH_AES_XCBC_MAC_96" and is the correct #5 in Transform Type 3.
>
>
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-05
.txt
> seems to have it right!
>
> regards,
> Lakshminath
>
> Kevin Li wrote:
>
>> Hi,
>>
>> The latest draft (IKEv2-14) changed the AUTH_AES_XCBC_96 to
>> AUTH_AES_PRF_128.
>>
>> Since AUTH_AES_XCBC_96 is gone in IKEv2, how are we going to
negotiate
>> AUTH_AES_XCBC_96 which ipsec might request for?
>>
>> Is there a new number for AUTH_AES_XCBC_96?
>>
>> Thanks.
>>
>> Kevin
>> Cisco Systems
>>
>> _______________________________________________
>> Ipsec mailing list
>> Ipsec@ietf.org
>> https://www1.ietf.org/mailman/listinfo/ipsec
>>
>
>
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec