Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
draft-ietf-ipsec-ciph-aes-ccm-05
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
05 | (System) | post-migration administrative database adjustment to the No Objection position for Allison Mankin |
2004-02-06
|
05 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-02-05
|
05 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-02-05
|
05 | Amy Vezza | IESG has approved the document |
2004-02-05
|
05 | Amy Vezza | Closed "Approve" ballot |
2003-11-25
|
05 | Steven Bellovin | State Changes to Approved-announcement to be sent from IESG Evaluation by Steve Bellovin |
2003-11-21
|
05 | Amy Vezza | Removed from agenda for telechat - 2003-11-20 by Amy Vezza |
2003-11-20
|
05 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Ted Hardie |
2003-11-20
|
05 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-11-20
|
05 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-11-20
|
05 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Discuss by Allison Mankin |
2003-11-20
|
05 | Allison Mankin | [Ballot discuss] Needs to be fixed, though not really a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF policy is to … [Ballot discuss] Needs to be fixed, though not really a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF policy is to have no comment on IPR. (And alas, one hopes this is true, but someone else may make some claim...). I cleared my Discuss once Steve supported that this text would be removed. |
2003-11-20
|
05 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to Discuss from No Objection by Allison Mankin |
2003-11-20
|
05 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Discuss by Allison Mankin |
2003-11-20
|
05 | Margaret Cullen | [Ballot comment] My comments are resolved by Russ' -05 update. |
2003-11-20
|
05 | Thomas Narten | [Ballot comment] > accommodates a full Jumbogram [JUMBO]; however, the length missing reference. > AES-CCM employs counter mode for encryption. As … [Ballot comment] > accommodates a full Jumbogram [JUMBO]; however, the length missing reference. > AES-CCM employs counter mode for encryption. As with any stream > cipher, reuse of the IV same value with the same key is catastrophic. s/IV same/same IV/ |
2003-11-20
|
05 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for by Thomas Narten |
2003-11-20
|
05 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for by Bill Fenner |
2003-11-20
|
05 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for by Bert Wijnen |
2003-11-20
|
05 | Allison Mankin | [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk … [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication. The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1). Are things hand-wavy enough that the minimum 8 octets is fine? Is ICV not comparable? (Not wanting in any way to open any WG worm-cans that were hard to close, since other drafts that can trade off issues like these really need this document). |
2003-11-20
|
05 | Allison Mankin | [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk … [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication. The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1). Is there a reason why the ICV in CCM doesn't have these risks at 4 or 8 octets? I noted that the mandatory lengths were longer, and I certainly don't want this document, which is needed by others, where the risks are tradeoffs by the developers, to be controversial as it was in the WG. Just curious, but no time to research the WG mailing list. |
2003-11-20
|
05 | Allison Mankin | [Ballot discuss] Needs to be fixed, though not really a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF policy is to … [Ballot discuss] Needs to be fixed, though not really a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF policy is to have no comment on IPR. (And alas, one hopes this is true, but someone else may make some claim...). |
2003-11-20
|
05 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to Discuss from Undefined by Allison Mankin |
2003-11-20
|
05 | Allison Mankin | [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk … [Ballot comment] A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication. The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1). Is there a reason why the ICV in CCM doesn't have these risks at 4 or 8 octets? |
2003-11-20
|
05 | Allison Mankin | [Ballot comment] Needs to be fixed, but I would not call it a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF … [Ballot comment] Needs to be fixed, but I would not call it a Discuss: the Acknowledgments say that CCM is unencumbered by patents, but IETF policy is to have no comment on IPR. (And alas, one hopes this is true, but someone else may make some claim...). A question that is probably for my own education: a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication. The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1). Is there a reason why the ICV in CCM doesn't have these risks at 4 or 8 octets? |
2003-11-20
|
05 | Allison Mankin | [Ballot Position Update] New position, Undefined, has been recorded for by Allison Mankin |
2003-11-20
|
05 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-05.txt |
2003-11-19
|
05 | Jon Peterson | [Ballot comment] Nit, section 2, description of AAD (middle of pg4) - "The construction of the AAD described in section 5" perhaps should be "AAD … [Ballot comment] Nit, section 2, description of AAD (middle of pg4) - "The construction of the AAD described in section 5" perhaps should be "AAD is described in"? Nit, third line of Section 4 - "The AES counter block 16 octets", perhaps should be "is 16 octets"? |
2003-11-19
|
05 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for by Jon Peterson |
2003-11-19
|
05 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-11-19
|
05 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for by Harald Alvestrand |
2003-11-19
|
05 | Margaret Cullen | [Ballot comment] >>Abstract >> >> This document describes the use of AES CCM Mode, with an explicit >> initialization vector, as an IPsec Encapsulating Security … [Ballot comment] >>Abstract >> >> This document describes the use of AES CCM Mode, with an explicit >> initialization vector, as an IPsec Encapsulating Security Payload >> (ESP) mechanism to provide confidentiality, data origin >> authentication, connectionless integrity. AES CCM mode should be expanded. Also, it should be consistently hyphenated (AES-CCM) or not hyphenated (AES CCM) throughout the document. |
2003-11-19
|
05 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for by Margaret Wasserman |
2003-11-19
|
05 | Russ Housley | [Ballot Position Update] New position, Recuse, has been recorded for by Russ Housley |
2003-11-19
|
05 | Steven Bellovin | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Steve Bellovin |
2003-11-19
|
05 | Steven Bellovin | [Ballot Position Update] New position, Yes, has been recorded for Steven Bellovin |
2003-11-19
|
05 | Steven Bellovin | Ballot has been issued by Steve Bellovin |
2003-11-19
|
05 | Steven Bellovin | Created "Approve" ballot |
2003-11-19
|
05 | (System) | Ballot writeup text was added |
2003-11-19
|
05 | (System) | Last call text was added |
2003-11-19
|
05 | (System) | Ballot approval text was added |
2003-11-09
|
05 | Steven Bellovin | Placed on agenda for telechat - 2003-11-20 by Steve Bellovin |
2003-09-10
|
05 | Steven Bellovin | State Changes to Waiting for AD Go-Ahead from In Last Call by Steve Bellovin |
2003-08-14
|
05 | Michael Lee | Revised Last Call has been issued |
2003-08-14
|
05 | Michael Lee | Status date has been changed to 2003-8-28 from |
2003-08-14
|
05 | Michael Lee | Last call sent |
2003-08-14
|
05 | Michael Lee | State Changes to In Last Call from In Last Call by Michael Lee |
2003-08-13
|
05 | Steven Bellovin | Intended Status has been changed to Proposed Standard from None |
2003-08-12
|
05 | Michael Lee | State Changes to In Last Call from Last Call Requested by Michael Lee |
2003-08-12
|
05 | Steven Bellovin | State Changes to Last Call Requested from Publication Requested by Steve Bellovin |
2003-08-06
|
05 | Steven Bellovin | State Changes to Publication Requested from AD is watching::Revised ID Needed by Steve Bellovin |
2003-08-06
|
05 | Steven Bellovin | draft-ietf-ipsec-ciph-aes-ccm has been updated to address the IKEv2 specificity problem which Tero raised, and a reference to [CCM] for test vectors. |
2003-07-24
|
04 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-04.txt |
2003-06-27
|
05 | Steven Bellovin | Needs test vectors; possibly should wait for 2401bis and ESPbis. |
2003-06-27
|
05 | Steven Bellovin | State Changes to AD is watching :: Revised ID Needed from AD Evaluation by Bellovin, Steve |
2003-06-25
|
05 | Steven Bellovin | State Changes to AD Evaluation from Publication Requested by Bellovin, Steve |
2003-06-19
|
05 | Steven Bellovin | Draft Added by Bellovin, Steve |
2003-05-30
|
03 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-03.txt |
2003-03-03
|
02 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-02.txt |
2003-01-27
|
01 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-01.txt |
2003-01-23
|
00 | (System) | New version available: draft-ietf-ipsec-ciph-aes-ccm-00.txt |