Hi Steve, It all started with David's notes copy-pasted below: ++++++++ there has been some interest in using AES with larger key sizes in Secure RTP, and some implementations have gone in this direction in advance of any specification. I wrote up an internet draft to fill this gap (after trying unsuccessfully to get someone else to write it :-) and to provide usage guidance and (eventually) test vectors. +++++++It looks like all we are doing at the IETF is to specify; business as usual :-). We could add a recommendation along the lines you propose below.
regards, Lakshminath At 02:28 PM 5/3/2006, Stephen Kent wrote:
I'm not a cryptographer, but I generally advise against encouraging users to employ AES with 256-bit keys. The 256-bit key size is there primarily as a hedge against the future development of quantum computers. Since there are some performance costs with the use of big keys, it seems unnecessary to adopt them at this time.Steve
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.