Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, ipsec mailing list <email@example.com>, ipsec chair <firstname.lastname@example.org> Subject: Protocol Action: 'Using AES CCM Mode With IPsec ESP' to Proposed Standard The IESG has approved the following document: - 'Using AES CCM Mode With IPsec ESP ' <draft-ietf-ipsec-ciph-aes-ccm-06.txt> as a Proposed Standard This document is the product of the IP Security Protocol Working Group. The IESG contact persons are Steve Bellovin and Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ciph-aes-ccm-06.txt
This document describes how to use CCM encryption with IPsec's ESP. CCM itself is described elswhere; however, a number of details must be provided to use it, and in particular to use it securely. There was considerable debate over two points: should CCM -- a variant on counter mode -- exist at all, due to security challenges posed by counter mode, and should the ESP sequence number be used as an initialization vector. Both items are discussed and resolved satisfactorily in the document Steven M. Bellovin reviewed this document for the IESG.