ipsec October 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02

From: Sean Shen <sean.s.shen_at_nospam>
Date: Fri Oct 23 2009 - 11:12:22 GMT
To: Paul Koning <Paul_Koning@dell.com>

Section 2.2 says that "AES MUST use different rounds for each of the key sizes: ...".
The draft is not trying to say that IKEv2 requires 10/12/14 rounds for 128/192/256 key lengths. The draft is not trying to say that AES-CTR requires 10/12/14 rounds for 128/192/256 key lengths.


2009/10/22 Paul Koning <Paul_Koning@dell.com>

> AES is an algorithm with one parameter: the key length. Based on that
> parameter various things change inside the algorithm. It so happens that
> AES has rounds, and the number of rounds is a function of the key length.
> But as Tero says, thatís irrelevant to users of AES. Any mention of rounds
> and other internal stuff belongs in exactly one place, the AES
> specification. It does NOT belong in any specs that are merely users of AES
> Ė such as the AES-CTR spec. It isnít a characteristic of aes-ctr.
> Are you saying that people were arguing otherwise, that rounds need to be
> mentioned in the aes-ctr spec? I strongly disagree; I canít imagine any
> reason why that would be a good idea.
> paul
> *From:* ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] *On Behalf
> Of *Shen Sean
> *Sent:* Wednesday, October 21, 2009 9:23 PM
> *To:* Tero Kivinen
> *Cc:* ipsec@ietf.org; Alfred Hőnes;
> draft-ietf-ipsecme-aes-ctr-ikev2@tools.ietf.org
> *Subject:* Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
> Ö
> [Sean] I have no doubt that most users or vendors won't bother to choose
> or change what's already in crypto lib. But, a standard related document is
> responsible to clearly state what are necessary for a product, in this case,
> the basic characteristics of AES-CTR, even though some of these seems
> obvious. I remmeber the very early version of this document does not include
> rounds stuff, but eventually we added it based on reviewers' comments and
> requests.

IPsec mailing list