This document describes how to use CCM encryption with IPsec's ESP.
CCM itself is described elswhere; however, a number of details must be
provided to use it, and in particular to use it securely.
There was considerable debate over two points: should CCM -- a variant on
counter mode -- exist at all, due to security challenges posed by counter
mode, and should the ESP sequence number be used as an initialization
vector. Both items are discussed and resolved satisfactorily in the document
Steven M. Bellovin reviewed this document for the IESG.