Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com> Subject: Protocol Action: 'Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol' to Proposed Standard The IESG has approved the following document: - 'Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol ' <draft-black-ipsec-ikev2-aead-modes-02.txt> as a Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-black-ipsec-ikev2-aead-modes-02.txt
Technical Summary An authenticated encryption algorithm combines encryption and integrity into a single operation; such algorithms may also be referred to as combined modes of an encryption cipher or as combined mode algorithms. This document describes the use of authenticated encryption algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) protocol. The use of two specific authenticated encryption algorithms with the IKEv2 Encrypted Payload is also described; these two algorithms are the Advanced Encryption Standard (AES) in Galois/Counter Mode (AES GCM) and AES in Counter with CBC-MAC Mode (AES CCM). Additional documents may describe the use of other authenticated encryption algorithms with the IKEv2 Encrypted Payload. Working Group Summary This document is an individual submission. A pseudo working group Last Call was conducted on the firstname.lastname@example.org mailing list by the Responsible Area Director (Tim Polk). No issues resulted from this pseudo WG Last Call. Document Quality Versions of this document have been reviewed by Charlie Kaufman, Pasi Eronen, Tero Kivinen, Steve Kent and Alfred Hoenes in addition to the authors. Personnel Document Shepherd: David L. Black Responsible Area Director: Tim Polk Personnel The Document Shepherd is David L. Black. Tim Polk is the Responsible Area Director. RFC Editor Note Please make the following changes, (a) through (e): (a) last sentence of the third paragraph of Section 1: OLD: The current version of ESP is version 2, ESPv2 [RFC4303]. NEW: The current version of ESP is version 3, ESPv3 [RFC4303]. (b) First line of the second paragraph of Section 7.1: OLD: IKEv2 makes the use of ... ^^^ NEW: IKEv2 makes use of ... (c) First sentence of Section 7.2: OLD: This section is unique to IKEv2 Encrypted Payload usage of AES GCM NEW: This section is unique to the IKEv2 Encrypted Payload usage of AES ^^^ (d) Section 10.1, 2nd line Insert the missing space: s/AEAD_*algorithms/AEAD_* algorithms/ (e) Section 10.2.1 OLD: The AEAD_AES_128_CCM_SHORT ciphertext is formed by appending the authentication tag provided as an output to the CCM encryption ^^ NEW: The AEAD_AES_128_CCM_SHORT ciphertext is formed by appending the authentication tag provided as an output of the CCM encryption ^^ In addition, it has been suggested that the "Conventions used in this document" material that comes after the Abstract should be moved to the end of Section 1 and become Section 1.1. Whether to do this is left to the RFC Editor's (wise) discretion.