Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

"Black, David" <david.black@emc.com> Mon, 10 March 2014 02:30 UTC

Return-Path: <david.black@emc.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0B611A03A9 for <ipsec@ietfa.amsl.com>; Sun, 9 Mar 2014 19:30:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.547
X-Spam-Level:
X-Spam-Status: No, score=-2.547 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-LTVRNpsAq7 for <ipsec@ietfa.amsl.com>; Sun, 9 Mar 2014 19:29:59 -0700 (PDT)
Received: from mailuogwhop.emc.com (mailuogwhop.emc.com [168.159.213.141]) by ietfa.amsl.com (Postfix) with ESMTP id 983DC1A03A4 for <ipsec@ietf.org>; Sun, 9 Mar 2014 19:29:59 -0700 (PDT)
Received: from maildlpprd05.lss.emc.com (maildlpprd05.lss.emc.com [10.253.24.37]) by mailuogwprd04.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s2A2Tpgl002131 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 9 Mar 2014 22:29:52 -0400
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com s2A2Tpgl002131
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=emc.com; s=jan2013; t=1394418592; bh=gADsUr8psF1qUkB7TTEY7gUuHyY=; h=From:To:Date:Subject:Message-ID:References:In-Reply-To: Content-Type:MIME-Version; b=BK5CzjGcANYsodZUYJPPP4abpxyl4Xv6IuTa0CnZVXPEtN2VXa2JdAdhV00z+eQ1N NsijmzQzBYgUrvEfAjYkIRKmlN4evXi2EDsYup35FVp+b0sZspTWQmA5GkGi9CFiQ9 8YEgyhZJ8kBOjqX4Y9cA0AuJqwPewIXc5VmP/Es8=
X-DKIM: OpenDKIM Filter v2.4.3 mailuogwprd04.lss.emc.com s2A2Tpgl002131
Received: from mailusrhubprd52.lss.emc.com (mailusrhubprd52.lss.emc.com [10.106.48.25]) by maildlpprd05.lss.emc.com (RSA Interceptor); Sun, 9 Mar 2014 19:29:42 -0700
Received: from mxhub06.corp.emc.com (mxhub06.corp.emc.com [128.222.70.203]) by mailusrhubprd52.lss.emc.com (Sentrion-MTA-4.3.0/Sentrion-MTA-4.3.0) with ESMTP id s2A2TfE0010145 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 9 Mar 2014 22:29:41 -0400
Received: from mx15a.corp.emc.com ([169.254.1.223]) by mxhub06.corp.emc.com ([128.222.70.203]) with mapi; Sun, 9 Mar 2014 22:29:40 -0400
From: "Black, David" <david.black@emc.com>
To: Yoav Nir <ynir.ietf@gmail.com>, ipsec <ipsec@ietf.org>
Date: Sun, 9 Mar 2014 22:29:42 -0400
Thread-Topic: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts
Thread-Index: Ac87fBKVk7xwAw2gR3qHp4OH6u0vGAAi7ozA
Message-ID: <8D3D17ACE214DC429325B2B98F3AE71206CF4393CC@MX15A.corp.emc.com>
References: <8D3D17ACE214DC429325B2B98F3AE71206CF439362@MX15A.corp.emc.com> <C75A84166056C94F84D238A44AF9F6AD06F1684B@AUSX10MPC102.AMER.DELL.COM> <CAGvU-a5=NR9j9OQTxLmvX_MoGyDHNiv3Q9vDLNHH2FJvCm47sQ@mail.gmail.com>
In-Reply-To: <CAGvU-a5=NR9j9OQTxLmvX_MoGyDHNiv3Q9vDLNHH2FJvCm47sQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_8D3D17ACE214DC429325B2B98F3AE71206CF4393CCMX15Acorpemcc_"
MIME-Version: 1.0
X-Sentrion-Hostname: mailusrhubprd52.lss.emc.com
X-RSA-Classifications: public
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/ciC2AT49fbCoGXkuxuX6rKGsilI
Subject: Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2014 02:30:04 -0000

The storage world seems to have done likewise - use 256-bit keys when 128-bits
aren't enough; tape encryption is one source of examples.

Also see Section 7.3 of RFC 5282 (Using Authenticated Encryption Algorithms
with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2)
Protocol) which also recommends 256-bit keys in preference to 192-bit keys.

FWIW, Section 7.2 of the same RFC (which applies to both CCM and GCM) recommends
16-octet ICVs and recommends against 12-octet ICVs.

Thanks,
--David

From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Yoav Nir
Sent: Sunday, March 09, 2014 5:44 AM
To: ipsec
Subject: Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

With vendor hat on: years ago we measured the performance and found that the performance of AES-256-CBC and AES-192-CBC were virtually identical. We removed AES-192-CBC from our UI because we didn't see a point to it - less security for no performance gain.
I don't have any more recent measurements, but unless there is a good reason to prefer AES-192-CBC over AES-256-CBC, I'd rather it not be a SHOULD.

On Sat, Mar 8, 2014 at 10:00 PM, <Paul_Koning@dell.com<mailto:Paul_Koning@dell.com>> wrote:

On Mar 8, 2014, at 8:08 AM, Black, David <david.black@emc.com<mailto:david.black@emc.com>> wrote:

>> The next draft changes AES-128-CBC to AES-CBC, and says:
>>
>> In the following sections, all AES modes are for 128-bit AES. 192-bit AES
>> MAY be supported for those modes, but the requirements here are for 128-bit
>> AES.
>
> What about 256-bit AES keys?  They should also be a "MAY".
Why not "SHOULD" for 192 and 256 bit keys?

        paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org<mailto:IPsec@ietf.org>
https://www.ietf.org/mailman/listinfo/ipsec