
RE: What is the standardization status of AES in IPSec?



I'm curious as to how many people believe that a MUST for a 128-bit AES
key means a MUST for 128 bits of entropy in the key.

The *strength* of the key determination algorithm need not
match the *length* of the cipher key, thus one might not need larger groups
for larger keys.

And, if anyone really wants that much strength in key determination,
the computational advantages of elliptic curve groups are overwhelming.

Hilarie


>  Additionally, some new Oakley groups should be identified at the same time.
>  Some of those will undoubtedly have to be ECDH groups in order to reasonably
>  support 256 bit keys (anyone want to deal with 15K bit Oakley groups?)


>  From: Andrew Wenlang Zhu [mailto:Andrew_zhu@hp.com]


>  Hello:

>  Can anyone give me an update on the standardization status of using AES in
>  IPSec?

>  I am reading "The AES Cipher Algorithm and Its Use With IPsec"
>  <draft-ietf-ipsec-ciph-aes-cbc-03.txt> and read "Once NIST has published
>  the AES FIPS ... AES should become a default and mandatory-to-implement
>  cipher algorithm for IPSec".

>  FIPS-197 was out in Nov-2001. When is an IPSec/AES RFC expected to come out?

>  Thanks,
>  ---------------------------------------
>  Andrew Zhu
>  HP Systems Networking Solution Lab
>  IP Security & System Firewall Project
>  Andrew_zhu@hp.com