[IPsec] XCBC MAC / PRF with Camellia proposal necessary?

To: ipsec at ietf.org
Subject: [IPsec] XCBC MAC / PRF with Camellia proposal necessary?
From: Alfred Hönes <ah at TR-Sys.de>
Date: Mon, 19 Oct 2009 12:39:39 +0200 (MESZ)
Cc: draft-kanno-ipsecme-camellia-xcbc at cabernet.tools.IETF.ORG
Delivered-to: ipsec at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>

I have performed a detailed editorial review of
draft-kanno-ipsecme-camellia-xcbc-01
and sent it off-list to the authors.

However, there seems to be a more fundamental strategic question:

Per the standardization of CMAC in NIST SP 800-38B,
the original XCBC enhancement to CBC-MAC seems to be
less interesting from a standardization point of view.
(CMAC is a improved refinement of XCBC-MAC, originally
published as OMAC / OMAC1 -- see the explanation in the
Introduction of NIST SP 800-38B.)

For AES as the underlying block cipher, use of CMAC with IPsec
and IKE already has been specified (in RFCs 4494 and 4615,
respectively), and the promoters of Camellia have a similar
draft as well (draft-kato-ipsec-camellia-cmac96and128).

For interoperability purposes, it is important to not let
the IPsec/IKE algorithm portfolio grow unnecessarily.

So I suggest to consider in general whether:

a)  XCBC should be used in new specifications, and/or

b)  the existing XCBC specifications for IPsec might
    be demoted or even deprecated, and/or

c)  CMAC use should be promoted in its support requirement level.

All related RFCs appear in draft-ietf-ipsecme-roadmap, which
thus might be affected by the outcome of any new recommendations.

Kind regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah at TR-Sys.de                     |
+------------------------+--------------------------------------------+

Prev by Date: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Next by Date: [IPsec] USGv6 Testing Program to begin Operation November 30th, 2009
Previous by thread: Re: [IPsec] review of draft-ietf-ipsecme-aes-ctr-ikev2-02
Next by thread: [IPsec] USGv6 Testing Program to begin Operation November 30th, 2009
Index(es):
- Date
- Thread

[IPsec] XCBC MAC / PRF with Camellia proposal necessary?

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.