ipsec October 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

From: Paul Koning <Paul_Koning_at_nospam>
Date: Thu Oct 22 2009 - 01:33:59 GMT
To: "Shen Sean" <sean.s.shen@gmail.com>, "Tero Kivinen" <kivinen@iki.fi>

AES is an algorithm with one parameter: the key length. Based on that parameter various things change inside the algorithm. It so happens that AES has rounds, and the number of rounds is a function of the key length. But as Tero says, that's irrelevant to users of AES. Any mention of rounds and other internal stuff belongs in exactly one place, the AES specification. It does NOT belong in any specs that are merely users of AES - such as the AES-CTR spec. It isn't a characteristic of aes-ctr.  

Are you saying that people were arguing otherwise, that rounds need to be mentioned in the aes-ctr spec? I strongly disagree; I can't imagine any reason why that would be a good idea.   paul

From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf Of Shen Sean Sent: Wednesday, October 21, 2009 9:23 PM To: Tero Kivinen
Cc: ipsec@ietf.org; Alfred Hnes; draft-ietf-ipsecme-aes-ctr-ikev2@tools.ietf.org Subject: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02


 [Sean] I have no doubt that most users or vendors won't bother to choose or change what's already in crypto lib. But, a standard related document is responsible to clearly state what are necessary for a product, in this case, the basic characteristics of AES-CTR, even though some of these seems obvious. I remmeber the very early version of this document does not include rounds stuff, but eventually we added it based on reviewers' comments and requests.    

IPsec mailing list