Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>,
    RFC Editor <firstname.lastname@example.org>
Subject: Protocol Action: 'Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec' to Proposed Standard

The IESG has approved the following document:

- 'Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 With IPsec'
  <draft-kelly-ipsec-ciph-sha2-02.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Russ Housley.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-kelly-ipsec-ciph-sha2-02.txt
Technical Summary

This specification describes the use of HMAC in conjunction with the SHA-256, SHA-384, and SHA-512 algorithms in IPsec. These algorithms may be used as the basis for data origin authentication and integrity verification mechanisms for the AH, ESP, IKEv1 and IKEv2 protocols, and also as Pseudo-Random Functions (PRFs) for IKEv1 and IKEv2. Truncated output lengths are specified for the authentication-related variants. The PRF variants are not truncated.

Working Group Summary

This document is not the result of any IETF Working Group, but there has been some discussion of the document on the IPsec mail list.

Protocol Quality

This document was reviewed by Russ Housley for the IESG.

Note to RFC Editor

Please change the status of the [SHA2-2] reference. This should be an informative reference, not a normative reference.

The PRF using SHA-256 is referred to as "HMAC-SHA-PRF-256" and "HMAC-SHA-256-PRF" and "PRF_HMAC_SHA2_256" in various places in the document. Please refer to it as "PRF-HMAC-SHA-256" everywhere.

The PRF using SHA-384 is referred to as "HMAC-SHA-PRF-384" and "HMAC-SHA-384-PRF" and "PRF_HMAC_SHA2_384" in various places in the document. Please refer to it as "PRF-HMAC-SHA-384" everywhere.

The PRF using SHA-512 is referred to as "HMAC-SHA-PRF-512" and "HMAC-SHA-512-PRF" and "PRF_HMAC_SHA2_512" in various places in the document. Please refer to it as "PRF-HMAC-SHA-512" everywhere.
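The difference between the truncated authentication variants and the untruncated PRF variants described in the Technical Summary, as an added Python example that is not part of the IESG message or the draft. The ICV lengths, the fixed authentication key sizes and the HMAC-SHA-256-128 style names are taken from the specification as later published (RFC 4868), not from this announcement; the function names and the sample key and payload are constructed for illustration.

```python
import hashlib
import hmac

# Authentication variants: (hash, fixed key length, truncated ICV length), in bytes.
# Assumption: values as in published RFC 4868 (key = hash output size, ICV = half of it).
AUTH_ALGS = {
    "HMAC-SHA-256-128": (hashlib.sha256, 32, 16),
    "HMAC-SHA-384-192": (hashlib.sha384, 48, 24),
    "HMAC-SHA-512-256": (hashlib.sha512, 64, 32),
}
# PRF variants (names as normalised in the Note to RFC Editor): full output, any key length.
PRF_ALGS = {
    "PRF-HMAC-SHA-256": hashlib.sha256,
    "PRF-HMAC-SHA-384": hashlib.sha384,
    "PRF-HMAC-SHA-512": hashlib.sha512,
}


def compute_icv(alg, key, data):
    """Integrity check value for AH/ESP: HMAC output truncated to its leftmost half."""
    digestmod, key_len, icv_len = AUTH_ALGS[alg]
    if len(key) != key_len:
        raise ValueError(f"{alg} requires a {key_len}-byte key, got {len(key)}")
    return hmac.new(key, data, digestmod).digest()[:icv_len]


def verify_icv(alg, key, data, received_icv):
    """Receiver side: reject a wrong-length ICV, then compare in constant time."""
    if len(received_icv) != AUTH_ALGS[alg][2]:
        return False  # e.g. a peer that sent the untruncated digest
    return hmac.compare_digest(compute_icv(alg, key, data), received_icv)


def prf(alg, key, data):
    """IKE pseudo-random function: the full HMAC output, never truncated."""
    return hmac.new(key, data, PRF_ALGS[alg]).digest()


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed sample key
    payload = b"constructed ESP payload bytes"  # constructed sample data
    icv = compute_icv("HMAC-SHA-256-128", key, payload)
    print("ICV :", icv.hex(), len(icv) * 8, "bits")
    print("PRF :", prf("PRF-HMAC-SHA-256", key, payload).hex())
    print("ok  :", verify_icv("HMAC-SHA-256-128", key, payload, icv))
    print("bad :", verify_icv("HMAC-SHA-256-128", key, payload + b"x", icv))
```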