The AES128 CTR Mode of Operation and Its Use With IPsec

Document Type Expired Internet-Draft (individual)
Authors Jesse Walker  , Robert Moskowitz 
Last updated 2001-09-17
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the use of the AES Cipher Algorithm with 128 bit key in Counter (CTR) Mode, with an implicit counter, as a confidentiality mechanism within the context of the IPsec Encapsulating Security Payload [ESP]. CTR is a parallelizable block-cipher mode of operation. It uses the underlying block cipher as a stream cipher. Accordingly, great care must be exercised to utilize it appropriately within IPsec.


Jesse Walker (
Robert Moskowitz (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)