David,
I notice you're just mentioning Camellia with a 256-bit key, which
leaves out the 128 or 192-bit keys. I don't disagree, but I'm
curious if that was intentional.
Yes, intentional. I chose Camellia-256 by the point of view of
marketing.
I found that may people had selected TLS/AES-256 ciphersuite for their
https when they could use it under their system. Many people think
"more strong cipher for me". I know that it is overkill for thier
security. But most important thing is "to supply what users want to
get".
And there are many 128-bit ciphers which are already used. People will
use a cipher that they used to using. But in 256-bit ciphers, there
only two ciphers except Camellia and many people aren't familiar with
256-bit cipher yet. In that situation, it will be easy to accept
Camellia-256bit.
Camellia-256 is good for surviving cipher war.
Regards,
---
Hironobu SUZUKI <hironobu at h2np dot net><hironobu at fsij dot org>
Hironobu SUZUKI Office, Inc. / FSIJ / WCLSCAN / OpenPKSD
Tokyo, Japan.
http://h2np.net