Re: Agenda for the Minneapolis meeting
On Thu, 15 Mar 2001, Sandy Harris wrote:
> Dan Harkins wrote:
>
> > - advances in the state-of-the-art should deprecate some of the
> > mandatory options-- DES, group1-- and that can happen in a
> > rewrite.
>
> Can we please have AES as a MUST?
If we specify AES as a MUST, it might be somewhat helpful if we define
exactly what transform/mode AES MUST be used in.

I have heard nobody define how AES is to be used with IKE, although the
'CBC with implicit IV' would appear to be a good fit.

There are three outstanding drafts for how AES is to be used for IPSec.
I wrote up a review of them back in January on this mailing list. I
would suggest that review be used as a starting place for deciding
which transform should be mandated.
>
> It has survived really intensive analysis. The teams for other AES candidates
> had several of the world's top people on them -- Biham, Coppersmith, ... None
> of them found flaws in Rijndael.
>
> It is roughly 10 times 3DES speed in software. Schneier gives figures in AC2
> that have Blowfish more than 3 times single DES speed. He says elsewhere Twofish
> is faster than Blowfish, and AES tests showed Twofish and Rijndael roughly
> comparable.
>
> Finally, there are several readily available implementations with open licenses.
> At least the reference implementation on the authors' site and Brian Gladman's
> version.
>