The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 4543

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'The Use of Galois Message 
         Authentication Code (GMAC) in IPsec ESP and AH' to Proposed 
         Standard 

The IESG has approved the following document:

- 'The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and 
   AH '
   <draft-mcgrew-aes-gmac-esp-03.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Russ Housley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-mcgrew-aes-gmac-esp-03.txt

Technical Summary
 
  AES-GMAC-ESP provides an ESP data origin authentication mechanism that
  is amenable to high speed implementation.  Unlike all other ESP
  authentication mechanisms, it can be parallelized and can avoid
  pipeline stalls.  It is designed so that the incremental cost of
  implementing it, given an implementation is AES-GCM-ESP (RFC4106), is
  small.
 
Working Group Summary
 
  This draft is not the product of any working group; however, it has
  been reviewed by the Fibre Channel Security Protocols group in T11,
  which is considering its adoption.
 
Protocol Quality
 
  There is a software prototype implementation of the specification.

  The document was brought to the attention of the CFRG, which raised no
  concerns.

  The document was brought to the attention of the IPsec mail list,
  which raised no concerns.

  This document was reviewed by Russ Housley for the IESG.

Note to RFC Editor

  Please delete section 1.1 prior to publication.

  Please add the following paragraph at the end of Section 3.3
  (after figure 3):

    The use of 32-bit sequence numbers vs. 64-bit extended sequence
    numbers is determined by the security association (SA) management
    protocol that is used to create the SA.  For IKEv2 [RFC4306] this
    is negotiated via Transform Type 5, and the default for ESP is to
    use 64-bit extended sequence numbers in the absence of negotiation
    (e.g., see Section 2.2.1 of [RFC4303]).