Subject: Re: PEM WG Agenda
Date: Fri, 18 Jun 93 15:04:35 +0100
From: Mike Roe <Michael(_dot_)Roe(_at_)cl(_dot_)cam(_dot_)ac(_dot_)uk>
Message-Id: <"swan.cl.cam.:105350:930618140526"@cl.cam.ac.uk>
As you're looking for volunteers, I'd be prepared to speak in favour of adding
triple DES to the official PEM algorithms suite.
Mike,
I'm concerned about any attempt to add triple-DES to the suite
before we have reached consensus on its definition. In particular, we have
mild agreement that triple DES is
E(k1, D(k2, E(k3, X ) ) )
but we have quite firm disagreement (a.k.a. religious war) over:
1. whether k1 = k3
and
2. where the feedback loop(s) is(are) for CBC.
My personal strong position is on #2 -- that there needs to be three
feedback loops for CBC and therefore three IVs -- for the performance
reasons which I gave earlier on this list.
There are others who believe strongly that there should be one feedback loop.
At this point, the only thing I would believe could be written into a
standard is multiple definitions of "triple-DES" -- at least 2, maybe 4.
- Carl