[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Two AES encryption modes?

To: ipsec@lists.tislabs.com
Subject: Re: Two AES encryption modes?
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 25 Jul 2002 11:21:57 -0400
In-reply-to: Your message of "Wed, 24 Jul 2002 09:56:07 PDT." <p05111a31b9648aa81d06@[165.227.249.18]>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "VPNC" == VPNC  <Paul> writes:
    VPNC> At 8:08 AM -0400 7/24/02, Internet-Drafts@ietf.org wrote:
    >> A New Internet-Draft is available from the on-line Internet-Drafts 
    >> directories.
    >> This draft is a work item of the IP Security Protocol Working Group 
    >> of the IETF.
    >> 
    >> Title		: Using AES Counter Mode With IPsec ESP
    >> Author(s)	: R. Housley
    >> Filename	: draft-ietf-ipsec-ciph-aes-ctr-00.txt
    >> Pages		: 12
    >> Date		: 23-Jul-02

    VPNC> There are technical reasons why this WG might or might not want to 
    VPNC> have more than one AES encryption modes. I would like to bring up a 
    VPNC> non-technical reason why we wouldn't: interoperability.

    VPNC> System A is marketed as doing AES. System B is marketed as doing AES. 
    VPNC> They won't interoperate unless they both do the same modes. Yes, we 
    VPNC> could demand that the users understand that "AES CBC" and "AES 
    VPNC> Counter" are different, and that when they hear "AES" they need to 
    VPNC> ask "which of the two AES modes do you mean"? That is a wholly 
    VPNC> unrealistic demand.

  One solution is to make up two new names for them, neither of which is "AES".
  This is a marketing solution to a marketing problem.

    VPNC> Without a really, really strong security justification, the loss of 
    VPNC> understandable interoperability that comes with two 
    VPNC> different-but-similarly-named algorithms is not worth it.

  Fix the names.

  I propose "Ted" and "Barbara" as the new working names. They can fight over
which one is more secure.

]    Internet Security. Have encryption, will travel           |1 Fish/2 Fish [
]  Michael Richardson, Sandelman Software Works, Ottawa, ON    |Red F./Blow F [
]mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto [
]    At the far end of some dark fiber - wait that's dirt!     |for everyone  [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBPUAXZYqHRg3pndX9AQHV5wP+ON/nBgehwk9btwl+cF4RZkwU7qmhXr/2
79fMKOkgkSHqZWk+A/iMuh93cZZWck70Fl+nttN27f3p6BPFYFU0xB12VCxZozfJ
FyKIva+EkqJGG97/gEmDloHYrt109dG+JBaOgksc2XpE0xcNE38AIVA8I3wOR9r4
PA2UDLjn2q0=
=qqDW
-----END PGP SIGNATURE-----

Follow-Ups:
- RE: Two AES encryption modes?
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:
- Two AES encryption modes?
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: RE: Two AES encryption modes?
Next by Date: Re: Two AES encryption modes?
Prev by thread: Re: Two AES encryption modes?
Next by thread: RE: Two AES encryption modes?
Index(es):
- Date
- Thread