AES Galois Counter Mode (GCM) Cipher Suites for TLS
RFC 5288

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    tls mailing list <tls@ietf.org>, 
    tls chair <tls-chairs@tools.ietf.org>
Subject: Protocol Action: 'AES Galois Counter Mode (GCM) Cipher 
         Suites for TLS' to Proposed Standard 

The IESG has approved the following document:

- 'AES Galois Counter Mode (GCM) Cipher Suites for TLS'
   <draft-ietf-tls-rsa-aes-gcm-04.txt> as a Proposed Standard

This document is the product of the Transport Layer Security Working 
Group. 

The IESG contact persons are Pasi Eronen and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tls-rsa-aes-gcm-04.txt

Technical Summary

   This document specifies new TLS cipher suites that use AES in
   Galois Counter Mode for data encryption and message integrity.
   These cipher suites use existing TLS authentication and key
   establishment mechanisms.

Working Group Summary

   This document is a product of the Transport Layer Security (TLS)
   Working Group.

Document Quality

   This document represents consensus of the TLS WG.

Personnel

   The Document Shepherd for this document is Eric Rescorla, and the
   responsible Area Director is Pasi Eronen.

RFC Editor Note

   Document title:
   OLD:
      AES-GCM Cipher Suites for TLS
   NEW:
      AES Galois Counter Mode (GCM) Cipher Suites for TLS

   Abstract:
   OLD:
      This memo defines TLS cipher suites that use AES-GCM with RSA,
      DSS and Diffie-Hellman based key exchange mechanisms.
   NEW:
      This memo defines TLS cipher suites that use AES-GCM with RSA,
      DSA and Diffie-Hellman based key exchange mechanisms.
      
   Section 1:
   OLD:
      The following sections define cipher suites based on RSA, DSS
      and Diffie-Hellman key exchanges; ECC based cipher suites are
      defined in a separate document [I-D.ietf-tls-ecc-new-mac].
   NEW:
      The following sections define cipher suites based on RSA, DSA
      and Diffie-Hellman key exchanges; ECC based cipher suites are
      defined in a separate document [I-D.ietf-tls-ecc-new-mac].

   Section 3:
   OLD: 
      Note that each of these AEAD algorithms uses a 128-bit
      authentication tag with GCM.
   NEW:
      Note that each of these AEAD algorithms uses a 128-bit
      authentication tag with GCM (in particular, as described
      in Section 3.5 of [RFC4366], the "truncated_hmac" extension
      does not have an effect on cipher suites that do not use HMAC).

   Section 3:
   OLD:
      struct{
   NEW:
      struct {

   Section 6.1, end of section:
   ADD NEW PARAGRAPH:
      Implementers should also understand the practical 
      considerations of IV handling outlined in Section 9 of [GCM].

   Section 8.2:
   Add [RFC4366] to reference list.