Paul
On Mar 8, 2014, at 8:08 AM, Black, David <[email protected]> wrote:
The next draft changes AES-128-CBC to AES-CBC, and says:
In the following sections, all AES modes are for 128-bit AES. 192-bit AES
MAY be supported for those modes, but the requirements here are for 128-bit
AES.
What about 256-bit AES keys? They should also be a "MAY".
Why not “SHOULD” for 192 and 256 bit keys?
paul
It's good to remember the reason that 256-bit keys for AES were specified,
i.e., as a hedge against someone building a quantum computer. So, unless the
data being encrypted is expected to have a lifetime far enough into the future
as to merit protection against that concern, the extra time needed to perform
AES-256 vs. AES-128 does not seem justified.
Steve
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec