Skip to main content

Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
draft-ietf-ipsec-ciph-aes-ccm-05

Yes

(Steven Bellovin)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(Harald Alvestrand)
(Ned Freed)
(Ted Hardie)

Recuse

(Russ Housley)

Note: This ballot was opened for revision 05 and is now closed.

(Steven Bellovin; former steering group member) Yes

Yes ()

                            

(Alex Zinin; former steering group member) No Objection

No Objection ()

                            

(Allison Mankin; former steering group member) (was Discuss, No Objection, Discuss, No Record, No Objection) No Objection

No Objection (2003-11-20)
A question that is probably for my own education:  a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication.   The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1).  Are things hand-wavy enough that the minimum 8 octets is fine?  Is ICV not comparable?  (Not wanting in any way to open any WG  worm-cans that were hard to close, since other drafts that can trade off issues like these really need this document).

(Bert Wijnen; former steering group member) No Objection

No Objection ()

                            

(Bill Fenner; former steering group member) No Objection

No Objection ()

                            

(Harald Alvestrand; former steering group member) No Objection

No Objection ()

                            

(Jon Peterson; former steering group member) No Objection

No Objection (2003-11-19)
Nit, section 2, description of AAD (middle of pg4) - "The construction of the AAD described in section 5" perhaps should be "AAD is described in"?

Nit, third line of Section 4 - "The AES counter block 16 octets", perhaps should be "is 16 octets"?

(Margaret Cullen; former steering group member) No Objection

No Objection (2003-11-20)
My comments are resolved by Russ' -05 update.

(Ned Freed; former steering group member) No Objection

No Objection ()

                            

(Ted Hardie; former steering group member) No Objection

No Objection ()

                            

(Thomas Narten; former steering group member) No Objection

No Objection (2003-11-20)
>         accommodates a full Jumbogram [JUMBO]; however, the length

missing reference.

>    AES-CCM employs counter mode for encryption.  As with any stream
>    cipher, reuse of the IV same value with the same key is catastrophic.

s/IV same/same IV/

(Russ Housley; former steering group member) Recuse

Recuse ()