I don't care one way or the other on this. I believe that the 192 key lengths for AES are being used in some of the US government profiles, but that would not be relevant here because I don't think those profiles would be used here.
Jim -----Original Message----- From: COSE <[email protected]> On Behalf Of John Mattsson Sent: Tuesday, November 26, 2019 7:24 AM To: [email protected] Subject: [COSE] Comments on draft-schaad-cose-more-algs-00 Hi, Is A192KW-Pad needed? I don’t think I have ever seen an application actually using AES-192. Application wanting more than 128-bit security typically use AES-256, even together with algorithms like P-384 and SHA-384. I know that RFC 8152 defines A192KW and in general I don’t see a problem with defining A192KW-Pad, but it should maybe not be given one of the limited small values for its label (TBD2) unless someone express that they want to use AES-192. Cheers, John _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
