RE: Security Use Requirements

To: Michael Eisler <mre@zambeel.com>
Subject: RE: Security Use Requirements
From: Michael Krause <krause@cup.hp.com>
Date: Thu, 08 Feb 2001 06:16:27 -0800
Cc: ips@ece.cmu.edu
Content-Type: text/plain; charset="us-ascii"; format=flowed
In-Reply-To: <Roam.SIMC.2.0.6.981593759.11529.mre@zambeel.com>
References: <"Your message with ID" <5.0.0.25.2.20010207155733.00a63d00@10.30.15.2>
Sender: owner-ips@ece.cmu.edu

At 04:55 PM 2/7/2001 -0800, Michael Eisler wrote:
>Why use DES, which is slow for software implementations, when AES
>is there, is fast, and has little dispute about its safety?
>
>draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means
>for using AES in IPsec.
>
>draft-ietf-tls-ciphersuite-03.txt proposes a means for
>using AES in TLS.
>
>3DES is really, really slow for software to the point of being impractical.
>While one can always mandate it for implementation, in practice I doubt any
>customer using a software 3DES over ips will want to use it.

How fast is AES in hardware?  3DES is link-rate in hardware today and in 
wide use by many products.  While software implementations are interesting 
/ value to some, most high-speed implementations, e.g. 1 / 10 GbE, will 
require hardware acceleration and thus the preference is to focus on 
hardware friendly solutions wherever possible.

Mike

Follow-Ups:
- RE: Security Use Requirements
  - From: Michael Eisler <mre@zambeel.com>

References:
- RE: Security Use Requirements
  - From: RJ Atkinson <rja@inet.org>
- RE: Security Use Requirements
  - From: Michael Eisler <mre@zambeel.com>

Prev by Date: Re: ISCSI: Immediate data extending beyond a single PDU
Next by Date: RE: Security Use Requirements
Prev by thread: RE: Security Use Requirements
Next by thread: RE: Security Use Requirements
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:05:33 2001
6315 messages in chronological order