Thus spake "Michael Sierchio" <[EMAIL PROTECTED]> > Argument: let's write an Internet draft that describes the use of AES CTR > mode in SSLv3/TLSv1. We can do it however we like, modulo the usual > criticism and review in the IETF working group(s). > > Comments? Rich? Richard? Stephen?
I'm a bit more ambitious... We should specify NIST-style CTR mode for all octet stream applications within the IETF's domain, with SSL/TLS as an example. For record-based systems, I don't know if NIST-style or IPsec-style would be more appropriate :-( Can someone explain why the IPsec folks felt they needed to reimplement CTR mode, especially in a way which appears to create more problems? S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]