With vendor hat on: years ago we measured the performance and found that the performance of AES-256-CBC and AES-192-CBC were virtually identical. We removed AES-192-CBC from our UI because we didn't see a point to it - less security for no performance gain.
I don't have any more recent measurements, but unless there is a good reason to prefer AES-192-CBC over AES-256-CBC, I'd rather it not be a SHOULD.

On Sat, Mar 8, 2014 at 10:00 PM, <[email protected]> wrote:

>
> On Mar 8, 2014, at 8:08 AM, Black, David <[email protected]> wrote:
>
> >> The next draft changes AES-128-CBC to AES-CBC, and says:
> >>
> >> In the following sections, all AES modes are for 128-bit AES. 192-bit AES
> >> MAY be supported for those modes, but the requirements here are for 128-bit
> >> AES.
> >
> > What about 256-bit AES keys? They should also be a "MAY".
>
> Why not "SHOULD" for 192 and 256 bit keys?
>
> paul
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>
