[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IV sizes for AES candidates

On Tue, 8 Aug 2000, Sheila Frankel wrote:

> If the consensus of the group is that we should stick with the
> tried-and-true  CBC mode, that's fine with us, and the next version of the
> draft will reflect that.

No!!! This is NOT the consensus. At least the counter mode should also
being reconsidered as a standard.

[Somewhere in spring I announced that a draft, coauthored by me and Phil
Rogaway, on counter mode was in works. Unfortunately, by many obstacles it
is still in works, but it will be ready during this month!]

> The only keysize required by the draft is 128 bits; the others are
> optional. We are interested in comments from the list - should the other
> key sizes be mentioned at all? any other comments on the "IKE Interactions"
> section?

Other key sizes have no practical benefit at this moment.

> By the way, has anyone else implemented any of the AES candidates in IPsec
> and/or IKE?

I've implemented all AES candidates, but not in context of IPSec.