[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Two AES encryption modes?
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "VPNC" == VPNC <Paul> writes:
VPNC> At 8:08 AM -0400 7/24/02, Internet-Drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>> This draft is a work item of the IP Security Protocol Working Group
>> of the IETF.
>>
>> Title : Using AES Counter Mode With IPsec ESP
>> Author(s) : R. Housley
>> Filename : draft-ietf-ipsec-ciph-aes-ctr-00.txt
>> Pages : 12
>> Date : 23-Jul-02
VPNC> There are technical reasons why this WG might or might not want to
VPNC> have more than one AES encryption modes. I would like to bring up a
VPNC> non-technical reason why we wouldn't: interoperability.
VPNC> System A is marketed as doing AES. System B is marketed as doing AES.
VPNC> They won't interoperate unless they both do the same modes. Yes, we
VPNC> could demand that the users understand that "AES CBC" and "AES
VPNC> Counter" are different, and that when they hear "AES" they need to
VPNC> ask "which of the two AES modes do you mean"? That is a wholly
VPNC> unrealistic demand.
One solution is to make up two new names for them, neither of which is "AES".
This is a marketing solution to a marketing problem.
VPNC> Without a really, really strong security justification, the loss of
VPNC> understandable interoperability that comes with two
VPNC> different-but-similarly-named algorithms is not worth it.
Fix the names.
I propose "Ted" and "Barbara" as the new working names. They can fight over
which one is more secure.
] Internet Security. Have encryption, will travel |1 Fish/2 Fish [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |Red F./Blow F [
]mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto [
] At the far end of some dark fiber - wait that's dirt! |for everyone [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBPUAXZYqHRg3pndX9AQHV5wP+ON/nBgehwk9btwl+cF4RZkwU7qmhXr/2
79fMKOkgkSHqZWk+A/iMuh93cZZWck70Fl+nttN27f3p6BPFYFU0xB12VCxZozfJ
FyKIva+EkqJGG97/gEmDloHYrt109dG+JBaOgksc2XpE0xcNE38AIVA8I3wOR9r4
PA2UDLjn2q0=
=qqDW
-----END PGP SIGNATURE-----