[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Two AES encryption modes?

To: "'Michael Richardson'" <mcr@sandelman.ottawa.on.ca>, " 'list'" <ipsec@lists.tislabs.com>
Subject: RE: Two AES encryption modes?
From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>
Date: 25 Jul 2002 15:14:30 -0400
Importance: Normal
In-Reply-To: <200207251811.g6PIBIc5009391@marajade.sandelman.ottawa.on.ca>
Reply-To: andrew.krywaniuk@alcatel.com
Sender: owner-ipsec@lists.tislabs.com

>   It seems that a named ciphersuite needs an RFC to describe
> it anyway.
> Getting a number assigned seems simple to me.

Not necessarily. Take a look at the list I sent earlier:

   IETF-ipsec high security '02  (chosen by WG, published in an RFC)
   US DoD FIPS standard '02   (chosen by a large customer, listed as a
requirement)
   VPNC default '02   (chosen by a vendor consortium, published on their
website)
   JoeBillyBob JBB's ciphersuite '02  (chosen by an individual, distributed
to his friends)

Only the first ciphersuite needs to be published in an RFC. The other ones
are published on the DoD, VPNC, and joebillybob.com websites/technical
publications respectively. If you use GUI ciphersuites there is no IANA
registry, so there doesn't need to be a comprehensive list of all the
possible ciphersuites.

Andrew
-------------------------------------------
There are no rules, only regulations. Luckily,
history has shown that with time, hard work,
and lots of love, anyone can be a technocrat.



> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Michael Richardson
> Sent: Thursday, July 25, 2002 2:11 PM
> To: ipsec@lists.tislabs.com
> Subject: Re: Two AES encryption modes?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> >>>>> "Andrew" == Andrew Krywaniuk
> <andrew.krywaniuk@alcatel.com> writes:
>     Andrew> This is the type of problem that named
> ciphersuites will solve. I've been
>     Andrew> thinking a bit about the semantics of this, and I
> think we could come up
>     Andrew> with a pretty good naming scheme of the form
> <organization> <common name>
>     Andrew> <year>.
>
>   Other than the Y2K compliance needed, I like your proposal.
>
>   I know that you have argued for having them at the GUI
> level, while I think
> that they should be negotiated directly. My belief is that
> one reason for
> resistance to getting the numbers assigned is that people
> believe that the
> IANA is hard to work with.
>
>   Paul said that he was working to fix that. How is that going?
>
>   It seems that a named ciphersuite needs an RFC to describe
> it anyway.
> Getting a number assigned seems simple to me.
>
> ]    Internet Security. Have encryption, will travel
>  |1 Fish/2 Fish [
> ]  Michael Richardson, Sandelman Software Works, Ottawa, ON
>  |Red F./Blow F [
> ]mcr@sandelman.ottawa.on.ca
> http://www.sandelman.ottawa.on.ca/ |strong crypto [
> ]    At the far end of some dark fiber - wait that's dirt!
>  |for everyone  [
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: latin1
> Comment: Finger me for keys
>
> iQCVAwUBPUA/QYqHRg3pndX9AQFifQP8DMg55+zgetSfETCyznpfeOfnlST0W+at
> 1eVjae6Dt9L7ls92+hVVGJd4EcQV3RjgJ1PJci048Om7AqPYhrhVtv/DsTr+bevR
> KMSCHRLjmnXeLx9xI7H2nSQu9ohnVpp2cPR1GPK3s7bzT3Oud1M4XOwlG0+SEarE
> j/LDSfPcWLQ=
> =IK/3
> -----END PGP SIGNATURE-----
>

Follow-Ups:
- Re: Two AES encryption modes?
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

References:
- Re: Two AES encryption modes?
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Two AES encryption modes?
Next by Date: Re: Two AES encryption modes?
Prev by thread: Re: Two AES encryption modes?
Next by thread: Re: Two AES encryption modes?
Index(es):
- Date
- Thread