by mail.netbsd.org with SMTP; 3 Oct 2000 03:26:34 -0000
	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id MAA08585;
	Tue, 3 Oct 2000 12:26:23 +0900 (JST)
To: thorpej@zembu.com
cc: tech-security@netbsd.org
In-reply-to: thorpej's message of Sun, 01 Oct 2000 15:16:37 MST.
      <20001001151637.K5134@dr-evil.shagadelic.org>
Subject: Re: AES cipher finalist
From: itojun@iijlab.net
Date: Tue, 03 Oct 2000 12:26:23 +0900
Message-ID: <8583.970543583@coconut.itojun.org>


> > 	AES cipher finalist will be annonuced on Oct 2.
> > 	- If twofish or rijndael is selected, and
> > 	- official IPsec/IKE DOI # is assigned,
> > 	I'd like to propose to pull it into main trunc and then 1.5.
> > 	it would be cool to ship 1.5 with AES algorithm :-)
> > 	and interoperability for twofish and rijndael is already confirmed
> > 	with other parties (oops, need checking with 64bit arch).
> > 	objections, comments?
>Sounds wonderful.

	it was announced that, rijndael is picked as the AES algorithm.
	now netbsd-current has rijndael processing code for IPsec ESP (both
	IPv4 and IPv6, of course).  interoperability is confirmed with
	i386, alpha (KAME/NetBSD or NetBSD-current), and i386 (SSH IPsec
	toolkit).
	i'm still waiting for official protocol number assignment
	(RFC2407 IPsec DOI definition is necessary to provide PF_KEY kernnel
	API, which is necessary for manipulating IPsec SA from setkey(8) or
	racoon).  once the number gets assigned, i'll add the defintion into
	netbsd-current and then request a pullup to 1.5 (if it meets the
	1.5 deadline).

itojun