
AES and block size?



IKE supports negotiation or proposal of key size.  It doesn't support an
abstraction like RESPONDER-LIFETIME.  IKE doesn't at all support negotiation
of block size.

AES (e.g. Rijndael) has variable block size.  We can:

	1.) Add a block size attribute.

	2.) Pick a block size.

I'm sure the AES draft will address this, right?  (I hope we pick something
quickly and stick to it - I have PF_KEY mods that depend on the answer.)

And since I'm on the subject, what do I do with IKE in the face of "I'm
willing to support multiple keysizes"?  Do I send multiple transforms with
the only difference being different keysize attribute values?  Or do I just
pick one and try again later?

Thanks,
Dan