[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES cipher suites



Scott G. Kelly wrote:
>There are issues of backward compatibility: there are (recently) fielded
>devices which contain hardware support for aes-cbc and not aes-ctr. Are
>we to require vendors to forklift these devices?

Ok, I think there may be some confusion here.  I hope the confusion is
not my fault.

I was not advocating any changes or any forklift upgrades.
If I understand correctly, David Black asked for addition of new
AES-CBC-encryption ciphersuites.  My question was why we need additional
AES-CBC-encryption ciphersuites; what's wrong with AES-CTR, or with the
status quo?  In other words, I'd like to understand what's wrong with
the status quo before making changes.

Also, please note that there is a difference between AES-CBC-encryption
and AES-CBC-MAC (or its variants, like AES-XCBC MAC).  They're
orthogonal.  Modes like AES-CTR or AES-CBC-encryption are for
confidentiality.  Modes like SHA1-HMAC or AES-CBC-MAC or AES-XCBC are
for authentication+integrity.