Hi Dan Glad you replied to this, OCB seems to be a hot topic at the moment. There seems to be some interest in this simply due to the potential speed increase.
Would anyone know the potential % difference in speed compared to GCM ? In summary I think it should be discussed. cheers On Wed, Mar 3, 2021 at 7:37 PM Dan Harkins <dhark...@lounge.org> wrote: > > Faster and more secure seem to be compelling reasons. Those reasons are > probably more compelling for ESP than they are for IKE. > > The license for OCB always had some caveats like the code could not be > used > for military purposes which is something of a nightmare for a manufacturer > of > general purpose hardware/software. Considering how difficult it would be to > ensure that your product is never used by a military anywhere in the world, > that's probably enough of a reason for TLS to not support it. Remember how > long ECC was delayed for (imagined) IP reasons? > > IP is bad news. People don't want anything to do with partially > encumbered > technology. Now this technology is not encumbered at all so, yea, let's do > it. > > If an individual draft was to appear would the WG adopt it as a work > item? > > regards, > > Dan. > > On 2/28/21 1:47 PM, Yoav Nir wrote: > > IIRC the license has allowed OCB to be used for TLS for several years. > They haven’t taken it up. There are no AES-OCB ciphersuites > inhttps://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4 > > So I’m wondering right with you: It has a theoretical advantage in > security and a measurable advantage in speed in software. Neither were > compelling enough for anyone to bother adding it in TLS ciphersuites. Why > should our conclusion be any different? > > Yoav > > > On 28 Feb 2021, at 22:35, Paul Wouters <p...@nohats.ca> wrote: > > > So now that OCB is finally free, do we want to implement it? :) > > I'm honestly not sure if the improvements of AES-GCM are worth it. > I haven't heard of vulnerabilities in IKE/ESP wrt. IVs or counters. > > Paul > > ---------- Forwarded message ---------- > Date: Sat, 27 Feb 2021 14:37:30 > From: "Salz, Rich via cryptography" <cryptogra...@metzdowd.com> > To: "cryptogra...@metzdowd.com" <cryptogra...@metzdowd.com> > Subject: [Cryptography] Direct public confirmation from Dr. Rogaway > > > https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/ : > > > > I can confirm that I have abandoned all OCB patents > > and placed into the public domain all OCB-related IP of mine. > > While I have been telling people this for quite some time, I don't > > think I ever made a proper announcement to the CFRG or on the > > OCB webpage. Consider that done. > > > > I hope people will use the scheme to do positive things. > > > > phil > > _______________________________________________ > The cryptography mailing list > cryptogra...@metzdowd.com > https://www.metzdowd.com/mailman/listinfo/cryptography > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > > > > _______________________________________________ > IPsec mailing listIPsec@ietf.orghttps://www.ietf.org/mailman/listinfo/ipsec > > > -- > "The object of life is not to be on the side of the majority, but to > escape finding oneself in the ranks of the insane." -- Marcus Aurelius > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec >
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec