Re: ECC in OpenPGP proposal, second revision
2008-03-17 08:45:37
Andrey Jivsov wrote:
>> I think section 12 also needs to explicitly deprecate AES-192, saying
>> that it's not necessarily going to be fielded widely (bringing in the fact
>> that it is only a MAY here might help), isn't one of the Suite B ciphers,
>> and that it's probably only suitable if for some reason you *really*
>> need a 192-bit cipher: otherwise go for AES-256 for security or -128
>> for performance.
>
> I hope that we find a consensus in not explicitly promoting AES-192
> instead. There are many reasons why mobile/weak hardware devices may
> wish the middle-of-the-road approach with AES-192/ECC-384.
I agree with David; I personally have yet to see a valid
engineering reason why one would use AES-192.
Jon has laid out some non-engineering reasons why it should
be there, and that's a difficult area for us to argue
against (maybe something Jon and I agree violently over).
So I guess we are agreed that it should be possible to do
AES-192 ... but that doesn't mean we should encourage it at all.
AES-128+friends gives a whole lot of security, and that is
probably enough for most if not every mobile application.
You want more than 128? Go for the top profile (or go find
a machine with the top profile). If your attacker can
crunch AES-128+friends then we can't possibly recommend
AES-192 because we just don't know what your attacker is up to.
I like David's skepticism in words, above. RFC consumers
who fancy something "a bit better than 128" should be
discouraged, or should understand that they are creating problems,
that they'd better be prepared for the consequences, and that the
community isn't working for them any more. Deprecated is a
good scary word.
> If we were to discourage AES-192, we will need convincing references to
> data that support and explain our choice.
I see no sweet spot in that data, so I read it as supporting
the lack of value in AES-192.
iang