
Re: Agenda for the Minneapolis meeting





On Thu, 15 Mar 2001, Sandy Harris wrote:

> Dan Harkins wrote:
> 
> >            - advances in the state-of-the-art should deprecate some of the
> >              mandatory options-- DES, group1-- and that can happen in a
> >              rewrite.
> 
> Can we please have AES as a MUST? 

If we specify AES as a MUST, it might be somewhat helpful if we define
exactly what transform/mode AES MUST be used in.

I have heard nobody define how AES is to be used with IKE, although the
'CBC with implicit IV' would appear to be a good fit.

There are three outstanding drafts for how AES is to be used for IPSec.
I wrote up a review of them back in January on this mailing list.  I
would suggest that review be used as a starting place for deciding
which transform should be mandated.

> 
> It has survived really intensive analysis. The teams for other AES candidates
> had several of the world's top people on them -- Biham, Coppersmith, ... None
> of them found flaws in Rijndael.
> 
> It is roughly 10 times 3DES speed in software. Schneier gives figures in AC2
> that have Blowfish more than 3 times single DES speed. He says elsewhere Twofish
> is faster than Blowfish, and AES tests showed Twofish and Rijndael roughly
> comparable.
> 
> Finally, there are several readily available implementations with open licenses.
> At least the reference implementation on the authors' site and Brian Gladman's
> version.
> 


