> On 3 Mar 2021, at 21:36, Dan Harkins <dhark...@lounge.org> wrote: > > > Faster and more secure seem to be compelling reasons. Those reasons are > probably more compelling for ESP than they are for IKE.
Yes. If we were back in 2008 and figuring out which AEAD we should be using and they were both as unencumbered as they are now, maybe we would prefer OCB over GCM. 13 years later, every IPsec implementation has AES-GCM, so to add OCB to a product, it needs to be significantly better. I haven’t seen recent numbers, but if I remember correctly, the performance difference was in the single-digit percentage points. It’s harder to quantify the security differences, but I don’t think they were compelling. However, these arguments apply to a product, not necessarily to the protocol. Adding this as an option for IPsec (and IKE) is just fine, whether vendors adopt it or not. > > The license for OCB always had some caveats like the code could not be used > for military purposes which is something of a nightmare for a manufacturer of > general purpose hardware/software. Considering how difficult it would be to > ensure that your product is never used by a military anywhere in the world, > that's probably enough of a reason for TLS to not support it. Remember how > long ECC was delayed for (imagined) IP reasons? > > IP is bad news. People don't want anything to do with partially encumbered > technology. Now this technology is not encumbered at all so, yea, let's do it. > > If an individual draft was to appear would the WG adopt it as a work item? Up to the WG, but I would support it. Yoav > > regards, > > Dan. > > On 2/28/21 1:47 PM, Yoav Nir wrote: >> IIRC the license has allowed OCB to be used for TLS for several years. They >> haven’t taken it up. There are no AES-OCB ciphersuites >> inhttps://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4 >> >> <inhttps://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4> >> >> So I’m wondering right with you: It has a theoretical advantage in security >> and a measurable advantage in speed in software. Neither were compelling >> enough for anyone to bother adding it in TLS ciphersuites. Why should our >> conclusion be any different? >> >> Yoav >> >> >>> On 28 Feb 2021, at 22:35, Paul Wouters <p...@nohats.ca >>> <mailto:p...@nohats.ca>> wrote: >>> >>> >>> So now that OCB is finally free, do we want to implement it? :) >>> >>> I'm honestly not sure if the improvements of AES-GCM are worth it. >>> I haven't heard of vulnerabilities in IKE/ESP wrt. IVs or counters. >>> >>> Paul >>> >>> ---------- Forwarded message ---------- >>> Date: Sat, 27 Feb 2021 14:37:30 >>> From: "Salz, Rich via cryptography" <cryptogra...@metzdowd.com >>> <mailto:cryptogra...@metzdowd.com>> >>> To: "cryptogra...@metzdowd.com <mailto:cryptogra...@metzdowd.com>" >>> <cryptogra...@metzdowd.com <mailto:cryptogra...@metzdowd.com>> >>> Subject: [Cryptography] Direct public confirmation from Dr. Rogaway >>> >>> >>> https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/ >>> <https://mailarchive.ietf.org/arch/msg/cfrg/qLTveWOdTJcLn4HP3ev-vrj05Vg/> : >>> >>> >>> >>> I can confirm that I have abandoned all OCB patents >>> >>> and placed into the public domain all OCB-related IP of mine. >>> >>> While I have been telling people this for quite some time, I don't >>> >>> think I ever made a proper announcement to the CFRG or on the >>> >>> OCB webpage. Consider that done. >>> >>> >>> >>> I hope people will use the scheme to do positive things. >>> >>> >>> >>> phil >>> >>> _______________________________________________ >>> The cryptography mailing list >>> cryptogra...@metzdowd.com <mailto:cryptogra...@metzdowd.com> >>> https://www.metzdowd.com/mailman/listinfo/cryptography >>> <https://www.metzdowd.com/mailman/listinfo/cryptography> >>> _______________________________________________ >>> IPsec mailing list >>> IPsec@ietf.org <mailto:IPsec@ietf.org> >>> https://www.ietf.org/mailman/listinfo/ipsec >>> <https://www.ietf.org/mailman/listinfo/ipsec> >> >> >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org <mailto:IPsec@ietf.org> >> https://www.ietf.org/mailman/listinfo/ipsec >> <https://www.ietf.org/mailman/listinfo/ipsec> > > -- > "The object of life is not to be on the side of the majority, but to > escape finding oneself in the ranks of the insane." -- Marcus Aurelius > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
