[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Two AES encryption modes?

To: ipsec@lists.tislabs.com
Subject: Re: Two AES encryption modes?
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Fri, 26 Jul 2002 18:31:41 -0400
In-reply-to: Your message of "25 Jul 2002 15:14:30 EDT." <003001c2340f$81ec5c60$d16fe640@ca.alcatel.com>
Sender: owner-ipsec@lists.tislabs.com

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
    Andrew> Not necessarily. Take a look at the list I sent earlier:

    Andrew>    IETF-ipsec high security '02  (chosen by WG, published in an RFC)
    Andrew>    US DoD FIPS standard '02   (chosen by a large customer, listed as a
    Andrew> requirement)
    Andrew>    VPNC default '02   (chosen by a vendor consortium, published on their
    Andrew> website)
    Andrew>    JoeBillyBob JBB's ciphersuite '02  (chosen by an individual, distributed
    Andrew> to his friends)

    Andrew> Only the first ciphersuite needs to be published in an RFC. The other ones
    Andrew> are published on the DoD, VPNC, and joebillybob.com websites/technical
    Andrew> publications respectively. If you use GUI ciphersuites there is no IANA
    Andrew> registry, so there doesn't need to be a comprehensive list of all the
    Andrew> possible ciphersuites.

  There will nothing to help interoperability. 
  It certainly won't help anyone get good support from hardware vendors.

  We are just wasting bits on EVERY wire to avoid writing what will be
perhaps a dozen real drafts.

  After the first 6 or so submissions of AES-256/MD2 (not even HMAC), people
will get bored with the concept. The only GUI ciphersuites used will be the
IETF specified ones, and we'll have hundreds of lines of code in SOI that
never get tested, except when Tero Kivinen initiates to the broadcast address
at bakeoffs.

]    Internet Security. Have encryption, will travel           |1 Fish/2 Fish [
]  Michael Richardson, Sandelman Software Works, Ottawa, ON    |Red F./Blow F [
]mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |strong crypto [
]    At the far end of some dark fiber - wait that's dirt!     |for everyone  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPUHNyoqHRg3pndX9AQHMTwQA7l9UUAbyhdgOFrbE31XCTrb/K49D2KPE
uTT/YTktx8WXgs3ZJiZqcQcsanl9b7NeUQB0pWqOzzvcadUOa/1XHp0FrHD9XU1V
3OUg9Ww96qP6kGMznlAI6TQQpzgm12O4biNWWLQXNXMIXaLwsbeNcP8fzjEjIg9+
0qOp83ZRU8Q=
=ilr+
-----END PGP SIGNATURE-----

Follow-Ups:
- RE: Two AES encryption modes?
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:
- RE: Two AES encryption modes?
  - From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Re: Two AES encryption modes?
Next by Date: RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt
Prev by thread: RE: Two AES encryption modes?
Next by thread: RE: Two AES encryption modes?
Index(es):
- Date
- Thread