RE: AES cipher suites

[Bob Doud <BDoud@xxxxxxxx>]

> > Why do you need both?  What problem does AES-CBC solve that AES-CTR
> > doesn't?  It looks to me like AES-CTR is likely to be good enough for
> > everything that AES-CBC is good enough for -- but then, I'm 
> > not familiar with ips.  What am I missing?
> 
> Nothing - ips only needs AES-CTR.  If that's adequate for everyone
> who wants to use AES, then AES-CBC is not needed, but I can't draw
> that conclusion solely based on what IPS envisions ... anyone who
> wants/needs AES-CBC even if AES-CTR is present needs to speak up
> promptly.

Well, for one thing, there are a number of crypto accelerator
chips from various companies that only support AES in CBC
mode today.  CTR mode is just now getting implemented in chips
set to come out later this year (noting that the draft has
still been fluid recently).  So aside from IP storage, I'm 
sure there are a number of VPN products on the market now
that only support CBC mode.

Bob

> > 
> > David Black wrote:
> > >On behalf of the IP Storage (ips) folks who are depending on AES
> > >counter mode, I want to make a strong request for specification of
> > >*both* an AES-CBC suite and an AES-CTR suite.  IPS's use of AES-CTR
> > >is motivated by a desire to build high-speed hardware.  While AES-CTR
> > >is the "right thing" for that class of implementation, I'm reluctant
> > >to impose it on everyone who wants to use AES by not defining an
> > >AES-CBC suite.
> > 
> > Why do you need both?  What problem does AES-CBC solve that AES-CTR
> > doesn't?  It looks to me like AES-CTR is likely to be good enough for
> > everything that AES-CBC is good enough for -- but then, I'm not familiar
> > with ips.  What am I missing?
> > 
>