Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
RFC 4309

Note: This ballot was opened for revision 05 and is now closed.

(Steven Bellovin) Yes

(Harald Alvestrand) No Objection

(Margaret Cullen) No Objection

Comment (2003-11-20)
No email
send info
My comments are resolved by Russ' -05 update.

(Bill Fenner) No Objection

(Ned Freed) No Objection

(Ted Hardie) No Objection

(Allison Mankin) (was Discuss, No Objection, Discuss, No Record, No Objection) No Objection

Comment (2003-11-20)
No email
send info
A question that is probably for my own education:  a significant issue in the SRTP discussion about AES counter mode was the risk that an attacker could forge an encrypted message that would decode to non-random plaintext, or succeed in an insertion attack, in null or weak authentication.   The Security Area in that case specified strengths by length (of an HMAC-SHA1), requiring at least 96 bits for traffic for which this risk was not tolerable (see draft-ietf-srtp-09.txt, 9.5.1).  Are things hand-wavy enough that the minimum 8 octets is fine?  Is ICV not comparable?  (Not wanting in any way to open any WG  worm-cans that were hard to close, since other drafts that can trade off issues like these really need this document).

(Thomas Narten) No Objection

Comment (2003-11-20)
No email
send info
>         accommodates a full Jumbogram [JUMBO]; however, the length

missing reference.

>    AES-CCM employs counter mode for encryption.  As with any stream
>    cipher, reuse of the IV same value with the same key is catastrophic.

s/IV same/same IV/

(Jon Peterson) No Objection

Comment (2003-11-19 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Nit, section 2, description of AAD (middle of pg4) - "The construction of the AAD described in section 5" perhaps should be "AAD is described in"?

Nit, third line of Section 4 - "The AES counter block 16 octets", perhaps should be "is 16 octets"?

(Bert Wijnen) No Objection

(Alex Zinin) No Objection

(Russ Housley) Recuse