SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I



    
    Bernard,
    
    > -----Original Message-----
    > From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]
    > Sent: Wednesday, December 05, 2001 5:14 PM
    > To: Shridhar_Mukund@adaptec.com; pkoning@equallogic.com
    > Cc: ips@ece.cmu.edu
    > Subject: RE: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 
    > 3DES-CBC-I
    > 
    > 
    > >When AES-CTR is
    > >approved, AES-CTR becomes MUST and 3DES-CBC is demoted to MAY.
    > 
    > Doing that will create a problem in interoperation between 
    > iSCSI HBAs (which 
    > might have AES support) and software-only implementations, 
    > all of which now 
    > support 3DES-CBC. So it seems like 3DES-CBC has to be a MUST.
    > 
    
    >>> Yes, if we do not prep appropriatly we are inviting 
    >>> trouble down the road. But then, we do agree that it is the
    >>> charter of the IPS WG to enable low-cost iSCSI solutions from >>> today
    all the way up to 10G.
    
    >>> The IPSec implementation(hence interop) complexity is really 
    >>> around yIKEs! Given that we leave the mathematically inclined
    >>> folks to invent(and standardize) ESP/AH algorithms, software
    >>> implementation of these algorithms is the easy part. 
    
    >>> One of the important motivations behind AES is to simplify
    >>> s/w implementation. Since 3DES is compute intensive, 
    >>> s/w implementations will transition rapidly. Even today
    >>> several implementations taut AES.
    
    >>> On a lighter note, those who resist small s/w changes that 
    >>> bring significant value are not in this audience. iSCSI
    >>> is about change.
    
    -Shridhar Mukund
    
    
    
     
    


Home

Last updated: Fri Dec 07 11:17:59 2001
8008 messages in chronological order