Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

"Black, David" <> Mon, 10 March 2014 02:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B0B611A03A9 for <>; Sun, 9 Mar 2014 19:30:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M-LTVRNpsAq7 for <>; Sun, 9 Mar 2014 19:29:59 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 983DC1A03A4 for <>; Sun, 9 Mar 2014 19:29:59 -0700 (PDT)
Received: from ( []) by (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s2A2Tpgl002131 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 9 Mar 2014 22:29:52 -0400
X-DKIM: OpenDKIM Filter v2.4.3 s2A2Tpgl002131
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;; s=jan2013; t=1394418592; bh=gADsUr8psF1qUkB7TTEY7gUuHyY=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=BK5CzjGcANYsodZUYJPPP4abpxyl4Xv6IuTa0CnZVXPEtN2VXa2JdAdhV00z+eQ1N NsijmzQzBYgUrvEfAjYkIRKmlN4evXi2EDsYup35FVp+b0sZspTWQmA5GkGi9CFiQ9 8YEgyhZJ8kBOjqX4Y9cA0AuJqwPewIXc5VmP/Es8=
X-DKIM: OpenDKIM Filter v2.4.3 s2A2Tpgl002131
Received: from ( []) by (RSA Interceptor); Sun, 9 Mar 2014 19:29:42 -0700
Received: from ( []) by (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s2A2TfE0010145 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 9 Mar 2014 22:29:41 -0400
Received: from ([]) by ([]) with mapi; Sun, 9 Mar 2014 22:29:40 -0400
From: "Black, David" <>
To: Yoav Nir <>, ipsec <>
Date: Sun, 9 Mar 2014 22:29:42 -0400
Thread-Topic: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts
Thread-Index: Ac87fBKVk7xwAw2gR3qHp4OH6u0vGAAi7ozA
Message-ID: <>
References: <> <C75A84166056C94F84D238A44AF9F6AD06F1684B@AUSX10MPC102.AMER.DELL.COM> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_8D3D17ACE214DC429325B2B98F3AE71206CF4393CCMX15Acorpemcc_"
MIME-Version: 1.0
X-RSA-Classifications: public
Subject: Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 10 Mar 2014 02:30:04 -0000

The storage world seems to have done likewise - use 256-bit keys when 128-bits
aren't enough; tape encryption is one source of examples.

Also see Section 7.3 of RFC 5282 (Using Authenticated Encryption Algorithms
with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2)
Protocol) which also recommends 256-bit keys in preference to 192-bit keys.

FWIW, Section 7.2 of the same RFC (which applies to both CCM and GCM) recommends
16-octet ICVs and recommends against 12-octet ICVs.


From: IPsec [] On Behalf Of Yoav Nir
Sent: Sunday, March 09, 2014 5:44 AM
To: ipsec
Subject: Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

With vendor hat on: years ago we measured the performance and found that the performance of AES-256-CBC and AES-192-CBC were virtually identical. We removed AES-192-CBC from our UI because we didn't see a point to it - less security for no performance gain.
I don't have any more recent measurements, but unless there is a good reason to prefer AES-192-CBC over AES-256-CBC, I'd rather it not be a SHOULD.

On Sat, Mar 8, 2014 at 10:00 PM, <<>> wrote:

On Mar 8, 2014, at 8:08 AM, Black, David <<>> wrote:

>> The next draft changes AES-128-CBC to AES-CBC, and says:
>> In the following sections, all AES modes are for 128-bit AES. 192-bit AES
>> MAY be supported for those modes, but the requirements here are for 128-bit
>> AES.
> What about 256-bit AES keys?  They should also be a "MAY".
Why not "SHOULD" for 192 and 256 bit keys?


IPsec mailing list<>