|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-IBernard, > -----Original Message----- > From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] > Sent: Wednesday, December 05, 2001 5:14 PM > To: Shridhar_Mukund@adaptec.com; pkoning@equallogic.com > Cc: ips@ece.cmu.edu > Subject: RE: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. > 3DES-CBC-I > > > >When AES-CTR is > >approved, AES-CTR becomes MUST and 3DES-CBC is demoted to MAY. > > Doing that will create a problem in interoperation between > iSCSI HBAs (which > might have AES support) and software-only implementations, > all of which now > support 3DES-CBC. So it seems like 3DES-CBC has to be a MUST. > >>> Yes, if we do not prep appropriatly we are inviting >>> trouble down the road. But then, we do agree that it is the >>> charter of the IPS WG to enable low-cost iSCSI solutions from >>> today all the way up to 10G. >>> The IPSec implementation(hence interop) complexity is really >>> around yIKEs! Given that we leave the mathematically inclined >>> folks to invent(and standardize) ESP/AH algorithms, software >>> implementation of these algorithms is the easy part. >>> One of the important motivations behind AES is to simplify >>> s/w implementation. Since 3DES is compute intensive, >>> s/w implementations will transition rapidly. Even today >>> several implementations taut AES. >>> On a lighter note, those who resist small s/w changes that >>> bring significant value are not in this audience. iSCSI >>> is about change. -Shridhar Mukund
Home Last updated: Fri Dec 07 11:17:59 2001 8008 messages in chronological order |