Hmm - the encrypted tape community seems to be favoring AES-256 based on the potentially long lifetime of stored data. If they should be talked out of this, what would you recommend as an authoritative reference to use for that purpose? See IEEE P1619.1 for some insight into what's going on here. Thanks, --David ---------------------------------------------------- David L. Black, Senior Technologist EMC Corporation, 176 South St., Hopkinton, MA 01748 +1 (508) 293-7953 FAX: +1 (508) 293-7786 black_david at emc.com Mobile: +1 (978) 394-7754 ---------------------------------------------------- > -----Original Message----- > From: saag-bounces at mit.edu [mailto:saag-bounces at mit.edu] On > Behalf Of Stephen Kent > Sent: Wednesday, May 03, 2006 5:29 PM > To: Lakshminath Dondeti > Cc: saag at mit.edu; ietf-rtpsec at imc.org; David McGrew; AVT > Subject: Re: [saag] The use of AES-192 and AES-256 in Secure RTP > > I'm not a cryptographer, but I generally advise against encouraging > users to employ AES with 256-bit keys. The 256-bit key size is there > primarily as a hedge against the future development of quantum > computers. Since there are some performance costs with the use of big > keys, it seems unnecessary to adopt them at this time. > > Steve > _______________________________________________ > saag mailing list > saag at mit.edu > http://mailman.mit.edu/mailman/listinfo/saag >
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.