Hironobu SUZUKI wrote:
David,
I notice you're just mentioning Camellia with a 256-bit key, which
leaves out the 128 or 192-bit keys. I don't disagree, but I'm
curious if that was intentional.
Yes, intentional. I chose Camellia-256 by the point of view of
marketing.
I found that may people had selected TLS/AES-256 ciphersuite for their
https when they could use it under their system.
AES-256 is listed in a NIST recommendation. It's not marketing,
it's following NIST guidance.
Not to say that's not debatable but it's not just "marketing" or
key material size obsession.