That change is really good thanks, S On 09/07/15 08:51, Yoav Nir wrote: > So, how about replacing the first two paragraphs? > > OLD: > The Advanced Encryption Standard (AES - [FIPS-197]) has become the > gold standard in encryption. Its efficient design, wide > implementation, and hardware support allow for high performance in > many areas, including IPsec VPNs. On most modern platforms, AES is > anywhere from 4x to 10x as fast as the previous most-used cipher, > 3-key Data Encryption Standard (3DES - [SP800-67]). 3DES also has a > 64-bit block, which means that the amount of data that can be > encrypted before rekeying is required is not great. These reasons > make AES not only the best choice, but the only choice. > > The problem is that if future advances in cryptanalysis reveal a > weakness in AES, VPN users will be in an unenviable position. With > the only other widely supported cipher being the much slower 3DES, it > is not feasible to re-configure IPsec installations away from AES. > [standby-cipher] describes this issue and the need for a standby > cipher in greater detail. > > NEW: > The Advanced Encryption Standard (AES - [FIPS-197]) has become the > go-to algorithm for encryption. It is now the most commonly used > algorithm in many areas, including IPsec virtual private networks > (VPN). On most modern platforms AES is anywhere from 4x to 10x as > fast as the previous popular cipher, 3-key Data Encryption Standard > (3DES - [SP800-67]). 3DES also uses a 64-bit block, which means that > the amount of data that can be encrypted before rekeying is required > is limited. These reasons make AES not only the best choice, but the > only viable choice for IPsec. > > The problem is that if future advances in cryptanalysis reveal a > weakness in AES, VPN users will be in an unenviable position. With > the only other widely supported cipher for IPsec implementations > being the much slower 3DES, it is not feasible to re-configure IPsec > installations away from AES. [standby-cipher] describes this issue > and the need for a standby cipher in greater detail. > > > Yoav >
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
