[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt
>>>>> "Housley," == Housley, Russ <rhousley@rsasecurity.com> writes:
Housley,> Are you happy with the following replacement paragraph?
Housley,> Additionally, since AES has a 128-bit block size,
Housley,> regardless of the mode employed, the ciphertext generated
Housley,> by AES encryption becomes distinguishable from random
Housley,> values after 2^64 blocks are encrypted with a single key.
Housley,> Since ESP with Enhanced Sequence Numbers allows for up to
Housley,> 2^64 packets in a single security association (SA), there
Housley,> is real potential for more than 2^64 blocks to be encrypted
Housley,> with one key. Therefore, implementations SHOULD generate a
Housley,> fresh key before 2^64 blocks are encrypted with the same
Housley,> key. Note that ESP with 32-bit Sequence Numbers will not
Housley,> exceed 2^64 blocks even if all of the packets are
Housley,> maximum-length Jumbograms.
Yes, that looks great; it covers all cases with a single description.
paul