[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AES cipher suites

To: Black_David@xxxxxxx
Subject: Re: AES cipher suites
From: Uri Blumenthal <uri@xxxxxxxxxxxxx>
Date: Wed, 15 Jan 2003 16:01:18 -0500
Cc: Charlie_Kaufman@xxxxxxxxxxxxxxxx, ipsec@xxxxxxxxxxxxxxxxx
Organization: Lucent Tehcnologies / Bell Labs
Original-cc: Charlie_Kaufman@xxxxxxxxxxxxxxxx, ipsec@xxxxxxxxxxxxxxxxx
References: <>
Sender: owner-ipsec@xxxxxxxxxxxxxxxxx

Black_David@xxxxxxx wrote:
> 1536-bit Diffie-Hellman; 128-bit AES CBC; HMAC-SHA1; ESP.
> 2048-bit Diffie-Hellman; 128-bit AES CTR; HMAC-SHA1; ESP.

Fine...
 
> Q: Should AES suites with AES-CBC MAC + XCBC be defined as a
>         backstop against the unlikely event that a disastrous
>         attack on HMAC-SHA1 turns up?

IMHO - yes.
 
> AES-CBC MAC + XCBC is the backup MAC algorithm for IP Storage
> ("SHOULD implement" in the ips drafts).

References:
- AES cipher suites
  - From: Black_David

Prev by Date: I-D ACTION:draft-ietf-ipsec-udp-encaps-06.txt
Next by Date: About scheduling the IPsec WG meeting in SF
Previous by thread: Re: AES cipher suites
Next by thread: RE: AES cipher suites
Index(es):
- Date
- Thread