The IESG has approved "The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec" <draft-ietf-ipsec-ciph-aes-xcbc-mac-04.txt> as a Proposed Standard. This document is the product of the IPsec Working Group. The IESG contact persons are Steve Bellovin and Russ Housley. Technical Summary This document defines a new hash algorithm for use in IPsec ESP. It is a variant of the traditional use of a cipher in Cipher Block Chaining (CBC) Mode to compute a hash value. However traditional CBC mode hashes are vulnerable to attack if the amount of data to be protected is of variable length. This document defines a variant of this approach, applied to the Advanced Encryption Standard (AES) that is proof against this vulnerability. Working Group Summary There was working group consensus on this document. Protocol Quality These documents were reviewed by Jeff Schiller.
