> On 3 Mar 2021, at 21:36, Dan Harkins wrote:
>
>
> Faster and more secure seem to be compelling reasons. Those reasons are
> probably more compelling for ESP than they are for IKE.
Yes. If we were back in 2008 and figuring out which AEAD we should be using and
they were both as
their particular protocols.
That's where we come in.
regards,
Dan.
Dan
*From:* IPsec *On Behalf Of *Dan Harkins
*Sent:* Wednesday, March 3, 2021 2:37 PM
*To:* ipsec@ietf.org
*Subject:* Re: [IPsec] [Cryptography] Direct public confirmation
from Dr. Ro
trust
in OCB3 relative to OCB2?
From: Dan Harkins
Sent: Mar 4, 2021 5:29 PM
To: Dan Brown ; ipsec@ietf.org
Subject: Re: [IPsec] [Cryptography] Direct public confirmation from Dr. Rogaway
(fwd)
Hi Dan,
On 3/4/21 11:04 AM, Dan Brown wrote:
Deciding whether to use
:* IPsec *On Behalf Of *Dan Harkins
*Sent:* Wednesday, March 3, 2021 2:37 PM
*To:* ipsec@ietf.org
*Subject:* Re: [IPsec] [Cryptography] Direct public confirmation from
Dr. Rogaway (fwd)
Faster and more secure seem to be compelling reasons. Those reasons are
probably more compelling for ESP
problem.
Dan
From: IPsec On Behalf Of Dan Harkins
Sent: Wednesday, March 3, 2021 2:37 PM
To: ipsec@ietf.org
Subject: Re: [IPsec] [Cryptography] Direct public confirmation from Dr. Rogaway
(fwd)
Faster and more secure seem to be compelling reasons. Those reasons are
probably
Hi Dan
Glad you replied to this, OCB seems to be a hot topic at the moment. There
seems to be some interest in this simply due to the potential speed
increase.
Would anyone know the potential % difference in speed compared to GCM ?
In summary I think it should be discussed.
cheers
On Wed, Mar
Faster and more secure seem to be compelling reasons. Those reasons are
probably more compelling for ESP than they are for IKE.
The license for OCB always had some caveats like the code could not
be used
for military purposes which is something of a nightmare for a
manufacturer of
IIRC the license has allowed OCB to be used for TLS for several years. They
haven’t taken it up. There are no AES-OCB ciphersuites
inhttps://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4
So now that OCB is finally free, do we want to implement it? :)
I'm honestly not sure if the improvements of AES-GCM are worth it.
I haven't heard of vulnerabilities in IKE/ESP wrt. IVs or counters.
Paul
-- Forwarded message --
Date: Sat, 27 Feb 2021 14:37:30
From: "Salz, Rich