[TLS] Re: Issue 56: AES as MTI

To: Mike <mike-list at pobox.com>
Subject: [TLS] Re: Issue 56: AES as MTI
From: Simon Josefsson <simon at josefsson.org>
Date: Thu, 13 Sep 2007 10:35:55 +0200
Cc: tls at ietf.org
In-reply-to: <46E883B4.4000907@pobox.com> (Mike's message of "Wed, 12 Sep 2007 17:26:28 -0700")
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Openpgp: id=B565716F; url=http://josefsson.org/key.txt
References: <20070912231150.ED1D533C21@delta.rtfm.com> <65C7072814858342AD0524674BCA2CDB0D2E6E3E@rsana-ex-hq2.NA.RSA.NET> <20070912232636.2B5FE33C21@delta.rtfm.com> <46E883B4.4000907@pobox.com>
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Mike <mike-list at pobox.com> writes:

>> The current algorithm is 3DES_EDE_CBC. I would imagine we would use
>> AES_128_CBC. It's a much easier substitution than GCM and most
>> TLS stacks already support AES-CBC.
>
> I support AES-CBC in my implementation, but don't yet support GCM,
> just as one more data point for your decision.

The situation is the same for GnuTLS, FWIW.

> However, is 128-bit AES as strong as 192-bit 3DES?

The effective key size for 3DES is only 112 bits, see also:
http://en.wikipedia.org/wiki/Triple_DES

/Simon

_______________________________________________
TLS mailing list
TLS at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

References:
- [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Eric Rescorla
- Re: [TLS] Issue 56: AES as MTI
  - From: Mike

Prev by Date: [TLS] Re: Review of draft-santesson-tls-gssapi-03
Next by Date: Re: [TLS] Issue 56: AES as MTI
Previous by thread: Re: [TLS] Issue 56: AES as MTI
Next by thread: Re: [TLS] Issue 56: AES as MTI
Index(es):
- Date
- Thread

[TLS] Re: Issue 56: AES as MTI

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.