Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, ipsecme mailing list <email@example.com>, ipsecme chair <firstname.lastname@example.org> Subject: Document Action: 'Using Advanced Encryption Standard (AES) Counter Mode with IKEv2' to Informational RFC The IESG has approved the following document: - 'Using Advanced Encryption Standard (AES) Counter Mode with IKEv2 ' <draft-ietf-ipsecme-aes-ctr-ikev2-07.txt> as an Informational RFC This document is the product of the IP Security Maintenance and Extensions Working Group. The IESG contact persons are Sean Turner and Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-aes-ctr-ikev2-07.txt
Technical Summary This document describes how to use the AES-CTR mode with an explicit initialization value to protect IKEv2 messages after keys are established. Working Group Summary This is the product of the IPSECME WG. Nothing worth noting: it got a small but adequate amount of review. Document Quality There are already a bunch of implementations based on developers guessing how to do this; to the best of our knowledge, those implementations match what is described in this document. Personnel Paul Hoffman (email@example.com) is the document Shepherd. Sean Turner (firstname.lastname@example.org) is the Responsible Area Director. The IANA Expert(s) for the registries in this document is Tero Kivinen (email@example.com). RFC Editor Note 1) Please remove the following from the 1st page: Updates: RFC4307 (if approved) 2) Please move the reference to [RFC3686] in Section 7.2 to be the 1st reference in 7.1 (i.e., make it a normative reference). 3) Add the following as a new last paragraph in Section 1: Implementers need to carefully consider use of AES-CTR over the mandatory to implement algorithms in [RFC4307] because the performance improvements of AES-CTR are minimal in the context of IKEv2. Furthermore, these performance improvements may be offset by the Counter Mode-specific risk of a minor, hard to detect, implementation issue resulting in total security failure. 4) Please note that this is intended for informational - not standards as indicated in the header of the draft.