An Interface and Algorithms for Authenticated Encryption

Approval announcement
Draft of message to be sent after approval:

From: The IESG 
To: IETF-Announce 
Cc: Internet Architecture Board ,
    RFC Editor 
Subject: Protocol Action: 'An Interface and Algorithms for 
         Authenticated Encryption' to Proposed Standard 

The IESG has approved the following document:

- 'An Interface and Algorithms for Authenticated Encryption '
    as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Tim Polk.

A URL of this Internet-Draft is:

Technical Summary

This document defines algorithms for authenticated encryption with
additional authenticated data (AEAD), and defines a uniform interface
and a registry for such algorithms.  The interface and registry can
be used as an application independent set of cryptoalgorithm suites.
This approach provides advantages in efficiency and security, and
promotes the reuse of crypto implementations.  This document
is referenced by the TLS 1.2 draft as a normative dependancy, which has
the benefit of establishing a uniform, well-documented, and well-reviewed
interface to authenticated encryption algorithms in TLS.
Working Group Summary
This document is a personal submission, but was discussed at length on the
CFRG email list.  This draft reflects the CFRG's feedback.  Revisions have
narrowed the scope of the document and aligned it more with some
existing practice, while at the same time removing a couple of
restrictions that the theoretical community objected to.
Protocol Quality
This specification was reviewed for the IESG by Tim Polk.

Note to RFC Editor
Please make the following change in section 8, first sentence of paragraph


   AEAD algorithms that rely on distinct nonces MAY NOT be appropriate
   for some applications or for some scenarios.

   AEAD algorithms that rely on distinct nonces may be inappropriate
   for some applications or for some scenarios.

This document also contains a normative reference to [GCM], a standard
that is in progress at another standards development organization.  Final
publication is expected in November 2007.  Please confirm final
publication of NIST Special Publication 800-38D "Recommendation for Block
Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC" before
publishing this RFC.  To verify the status of 800-38D, please contact
.  Please CC  on the