Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
draft-ietf-ipsec-ciph-aes-ccm-05

Yes

(Steven Bellovin)

No Objection

(Alex Zinin)
(Bert Wijnen)
(Bill Fenner)
(Harald Alvestrand)
(Ned Freed)
(Ted Hardie)

Recuse

(Russ Housley)

Note: This ballot was opened for revision 05 and is now closed.

Steven Bellovin Former IESG member
Yes
Yes () Unknown

                            
Alex Zinin Former IESG member
No Objection
No Objection () Unknown

                            
Allison Mankin Former IESG member
(was Discuss, No Objection, Discuss, No Record, No Objection) No Objection
No Objection (2003-11-20) Unknown
A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication. The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1). Are things hand-wavy enough that the minimum 8 octets is fine? Is ICV not comparable? (Not wanting in any way to open any WG worm-cans that were hard to close, since other drafts that can trade off issues like these really need this document).

Bert Wijnen Former IESG member
No Objection
No Objection () Unknown

                            
Bill Fenner Former IESG member
No Objection
No Objection () Unknown

                            
Harald Alvestrand Former IESG member
No Objection
No Objection () Unknown

                            
Jon Peterson Former IESG member
No Objection
No Objection (2003-11-19) Unknown
Nit, section 2, description of AAD (middle of pg4) - "The construction of the AAD described in section 5" perhaps should be "AAD is described in"?

Nit, third line of Section 4 - "The AES counter block 16 octets", perhaps should be "is 16 octets"?

Margaret Cullen Former IESG member
No Objection
No Objection (2003-11-20) Unknown
My comments are resolved by Russ' -05 update.

Ned Freed Former IESG member
No Objection
No Objection () Unknown

                            
Ted Hardie Former IESG member
No Objection
No Objection () Unknown

                            
Thomas Narten Former IESG member
No Objection
No Objection (2003-11-20) Unknown
>         accommodates a full Jumbogram [JUMBO]; however, the length

missing reference.

>    AES-CCM employs counter mode for encryption.  As with any stream
>    cipher, reuse of the IV same value with the same key is catastrophic.

s/IV same/same IV/

Russ Housley Former IESG member
Recuse
Recuse () Unknown