The document [1] specify a mode of encryption that has not, to my knowledge, been used anywhere else: CBC-CTS with IV-carry. The document does not reference any standard work that define it, so it appears the document authors are not aware of prior use of it either. There is no analysis of the security of the mode in the document. The CFRG has not commented on the mode. The security consideration does not mention that the document define or use a non-standard mode. Considering all this, I believe it would be only prudent to reflect those facts in the security consideration, to help people form an opinion about it. Here is a proposed paragraph for inclusion: The encryption mode used in this document, CBC with Cipher Text Stealing with IV carry between messages, has to our knowledge not been studied extensively, or even at all, in the available literature. Thanks, Simon [1] http://www.ietf.org/internet-drafts/draft-raeburn-krb-rijndael-krb-06.txt _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf