Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
draft-ietf-ipsecme-aes-ctr-ikev2-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Tim Polk |
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Alexey Melnikov |
2012-08-22
|
07 | (System) | post-migration administrative database adjustment to the No Objection position for Adrian Farrel |
2010-05-13
|
07 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2010-05-13
|
07 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2010-05-13
|
07 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2010-05-12
|
07 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2010-05-12
|
07 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2010-05-12
|
07 | (System) | IANA Action state changed to In Progress |
2010-05-12
|
07 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2010-05-12
|
07 | Cindy Morgan | IESG has approved the document |
2010-05-12
|
07 | Cindy Morgan | Closed "Approve" ballot |
2010-05-12
|
07 | Tim Polk | [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Discuss by Tim Polk |
2010-05-12
|
07 | Sean Turner | Intended Status has been changed to Informational from Proposed Standard |
2010-05-07
|
07 | (System) | Removed from agenda for telechat - 2010-05-06 |
2010-05-06
|
07 | Cindy Morgan | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Cindy Morgan |
2010-05-06
|
07 | Adrian Farrel | [Ballot Position Update] Position for Adrian Farrel has been changed to No Objection from Discuss by Adrian Farrel |
2010-05-06
|
07 | Tim Polk | [Ballot comment] |
2010-05-06
|
07 | Tim Polk | [Ballot discuss] As I read the document, this fills a hole created by RFC 4307: implementations SHOULD support AES-CTR for IKEv2, but no specification … [Ballot discuss] As I read the document, this fills a hole created by RFC 4307: implementations SHOULD support AES-CTR for IKEv2, but no specification exists. The document does not really provide any justification for why other than the fact that 4307 includes this SHOULD. After some discussion, it appears that revising 4307 is a non-starter for a variety of reasons, but no one has identified a compelling reason to use AES-CTR with IKEv2. There is also no compelling reason to publish this specification on the standards track. This is a case where making this Informational so that it constitutes a downref for standards track publications would be appropriate. I strongly believe we should publish this document as an Informational RFC. |
2010-05-06
|
07 | Tim Polk | [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk |
2010-05-06
|
07 | Jari Arkko | [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko |
2010-05-06
|
07 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2010-05-06
|
07 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo |
2010-05-05
|
07 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks |
2010-05-05
|
07 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2010-05-05
|
07 | Adrian Farrel | [Ballot discuss] I don't understand how this document "updates" RFC 4307. 4307 provides a list of algorithms and classifies them as MUST, SHOULD+, SHOULD, … [Ballot discuss] I don't understand how this document "updates" RFC 4307. 4307 provides a list of algorithms and classifies them as MUST, SHOULD+, SHOULD, etc. 4307 lists AES-CTR as SHOULD. AFAICS, this document does not change the status of AES-CTR. |
2010-05-05
|
07 | Adrian Farrel | [Ballot Position Update] New position, Discuss, has been recorded by Adrian Farrel |
2010-05-05
|
07 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded by Ralph Droms |
2010-05-04
|
07 | Tim Polk | [Ballot comment] I am still considering whether to make this a comment or a discuss-discuss. However, I thought I should make my concerns known now … [Ballot comment] I am still considering whether to make this a comment or a discuss-discuss. However, I thought I should make my concerns known now regardless. As I read the document, this fills a hole created by RFC 4307: implementations SHOULD support AES-CTR for IKEv2, but no specification exists. The document does not really provide any justification for why other than the fact that 4307 includes this SHOULD. Russ Housley's comment points out that this is not a particularly good fit. If satisfying 4307 is the *only* reason to specify this mode for IKEv2 perhaps we should just update 4307 to remove the SHOULD. Can anyone give me a compelling reason to use AES-CTR with IKEv2? |
2010-05-04
|
07 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant |
2010-05-04
|
07 | Russ Housley | [Ballot comment] I cannot see the justification for using AES-CTR to protect IKEv2 traffic. There is a strong justification for AES-CTR in ESP where … [Ballot comment] I cannot see the justification for using AES-CTR to protect IKEv2 traffic. There is a strong justification for AES-CTR in ESP where there are high data rates. The data rates for IKEv2 traffic ought to be quite small, so the performance improvement is not really needed. Also, the use of counter mode requires care to ensure that the same counter value is never used more than once under the same key. |
2010-05-04
|
07 | Russ Housley | [Ballot Position Update] New position, Abstain, has been recorded by Russ Housley |
2010-05-03
|
07 | Peter Saint-Andre | [Ballot Position Update] New position, No Objection, has been recorded by Peter Saint-Andre |
2010-05-03
|
07 | David Harrington | [Ballot Position Update] New position, No Objection, has been recorded by David Harrington |
2010-04-26
|
07 | Alexey Melnikov | [Ballot Position Update] Position for Alexey Melnikov has been changed to No Objection from Discuss by Alexey Melnikov |
2010-04-24
|
07 | Alexey Melnikov | [Ballot discuss] This is a fine document, but I have one almost trivial comment: [RFC3686] Housley, R., "Using Advanced Encryption Standard (AES) … |
2010-04-24
|
07 | Alexey Melnikov | [Ballot Position Update] New position, Discuss, has been recorded by Alexey Melnikov |
2010-04-19
|
07 | Sean Turner | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Sean Turner |
2010-04-19
|
07 | Sean Turner | Placed on agenda for telechat - 2010-05-06 by Sean Turner |
2010-04-19
|
07 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2010-04-19
|
07 | Sean Turner | Ballot has been issued by Sean Turner |
2010-04-19
|
07 | Sean Turner | Created "Approve" ballot |
2010-04-19
|
07 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2010-04-14
|
07 | Amanda Baber | IANA comments: Upon approval of this document, IANA will make the following change in the "Transform Type 1 - Encryption Algorithm Transform IDs" registry at … IANA comments: Upon approval of this document, IANA will make the following change in the "Transform Type 1 - Encryption Algorithm Transform IDs" registry at http://www.iana.org/assignments/ikev2-parameters OLD: Number Name ESP Reference IKEv2 Reference ------ ------------- ------------- --------------- 13 ENCR_AES_CTR [RFC3686] NEW: Number Name ESP Reference IKEv2 Reference ------ ------------- ------------- --------------- 13 ENCR_AES_CTR [RFC3686][RFC-ipsecme-aes-ctr-ikev2-07] |
2010-04-09
|
07 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Chris Newman |
2010-04-09
|
07 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Chris Newman |
2010-04-05
|
07 | Amy Vezza | Last call sent |
2010-04-05
|
07 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2010-04-05
|
07 | Sean Turner | State Changes to Last Call Requested from AD Evaluation::AD Followup by Sean Turner |
2010-04-05
|
07 | Sean Turner | Last Call was requested by Sean Turner |
2010-04-05
|
07 | (System) | Ballot writeup text was added |
2010-04-05
|
07 | (System) | Last call text was added |
2010-04-05
|
07 | (System) | Ballot approval text was added |
2010-03-31
|
07 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-07.txt |
2010-03-31
|
07 | Sean Turner | [Note]: 'Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd.' added by Sean Turner |
2010-03-31
|
07 | Sean Turner | Responsible AD has been changed to Sean Turner from Pasi Eronen |
2010-03-31
|
06 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-06.txt |
2010-03-02
|
07 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-03-02
|
05 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-05.txt |
2010-01-27
|
07 | Pasi Eronen | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Pasi Eronen |
2010-01-26
|
07 | Pasi Eronen | State Changes to AD Evaluation from Publication Requested by Pasi Eronen |
2010-01-26
|
07 | Pasi Eronen | [Note]: 'Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd.' added by Pasi Eronen |
2009-12-04
|
07 | Cindy Morgan | [Note]: 'Paul Hoffman (paul.hoffman@vpnc.org) is the document shepherd.' added by Cindy Morgan |
2009-12-04
|
07 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The document shepherd is Paul Hoffman, co-chair of the ipsecme WG. I have reviewed it and believe it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has had a fair amount of review within the ipsecme WG, including by at least one active developer. I do not have any concerns about these reviews. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? I have no such concerns. The document lies fully within the ipsecme WG's area of expertise. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. I have no such concerns. There have been no IPR disclosures. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The WG consensus was mostly from silence, but there were enough people who read the document and no disagreement. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) No. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? (See http://www.ietf.org/ID-Checklist.html and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? Yes, I have personally verified that. No formal review criteria are applicable. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. There are three normative references to non-RFCs: two to NIST documents, and one to the IKEv2 IANA registry. All are appropriate. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? The documents requires no IANA actions; it re-states the current value for the algorithm. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There are no such sections. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. This document describes how to use the AES-CTR mode with an explicit initialization value to protect IKEv2 messages after keys are established. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? Nothing worth noting: it got a small but adequate amount of review. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? There are already a bunch of implementations based on developers guessing how to do this; to the best of our knowledge, those implementations match what is described in this document. |
2009-12-04
|
07 | Cindy Morgan | Draft Added by Cindy Morgan in state Publication Requested |
2009-12-04
|
04 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-04.txt |
2009-11-25
|
03 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-03.txt |
2009-09-16
|
02 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-02.txt |
2009-08-18
|
01 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-01.txt |
2009-07-27
|
00 | (System) | New version available: draft-ietf-ipsecme-aes-ctr-ikev2-00.txt |