Re: AES cipher suites
Scott G. Kelly wrote:
>There are issues of backward compatibility: there are (recently) fielded
>devices which contain hardware support for aes-cbc and not aes-ctr. Are
>we to require vendors to forklift these devices?

Ok, I think there may be some confusion here. I hope the confusion is
not my fault.

I was not advocating any changes or any forklift upgrades.

If I understand correctly, David Black asked for addition of new
AES-CBC-encryption ciphersuites. My question was why we need additional
AES-CBC-encryption ciphersuites; what's wrong with AES-CTR, or with the
status quo? In other words, I'd like to understand what's wrong with
the status quo before making changes.

Also, please note that there is a difference between AES-CBC-encryption
and AES-CBC-MAC (or its variants, like AES-XCBC MAC). They're
orthogonal. Modes like AES-CTR or AES-CBC-encryption are for
confidentiality. Modes like SHA1-HMAC or AES-CBC-MAC or AES-XCBC are