RE: MUST implement AES-CBC for IPsec ESP

> > For ESP encryption algorithms, the document that was sent out for Last
> > Call contains the following table:
> >
> >       Requirement    Encryption Algorithm (notes)
> >       -----------    --------------------
> >       MUST           NULL (1)
> >       MUST-          TripleDES-CBC [RFC2451]
> >       SHOULD+        AES-CBC with 128-bit keys [RFC3602]
> >       SHOULD         AES-CTR [RFC3686]
> >       SHOULD NOT     DES-CBC [RFC2405] (3)
> >
> > The Last Call comment suggests changing the "SHOULD+" for AES-CBC to
> > "MUST."

Are any of these encryption algorithms patented?

/Larry Rosen

Lawrence Rosen
Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com)
Stanford University, Lecturer in Law
3001 King Ranch Road, Ukiah, CA 95482
707-485-1242 * cell: 707-478-8932 * fax: 707-485-1243
Skype: LawrenceRosen
Author of "Open Source Licensing: Software Freedom and 
                Intellectual Property Law" (Prentice Hall 2004)

> -----Original Message-----
> From: Lakshminath Dondeti [mailto:ldondeti@xxxxxxxxxxxx]
> Sent: Saturday, January 20, 2007 1:35 PM
> To: Russ Housley
> Cc: ipsec@xxxxxxxx; saag@xxxxxxx; ietf@xxxxxxxx
> Subject: Re: MUST implement AES-CBC for IPsec ESP
> 
> What are the export implications due to this?  A compliant ESP
> implementation MUST include the DES cipher due to this change.   With
> status quo, a compliant ESP implementation can be used for integrity
> protection alone with NULL encryption.
> 
> regards,
> Lakshminath
> 
> Russ Housley wrote:
> > During the IETF Last Call for draft-manral-ipsec-rfc4305-bis-errata, we
> > received a comment that deserves wide exposure.
> >
> > For ESP encryption algorithms, the document that was sent out for Last
> > Call contains the following table:
> >
> >       Requirement    Encryption Algorithm (notes)
> >       -----------    --------------------
> >       MUST           NULL (1)
> >       MUST-          TripleDES-CBC [RFC2451]
> >       SHOULD+        AES-CBC with 128-bit keys [RFC3602]
> >       SHOULD         AES-CTR [RFC3686]
> >       SHOULD NOT     DES-CBC [RFC2405] (3)
> >
> > The Last Call comment suggests changing the "SHOULD+" for AES-CBC to
> > "MUST."
> >
> > I support this proposed change, and I have asked the author to make this
> > change in the document that will be submitted to the IESG for
> > consideration on the Telechat on January 25th.  If anyone has an
> > objection to this change, please speak now.  Please send comments on
> > this proposed change to the iesg@xxxxxxxx or ietf@xxxxxxxx mailing lists
> > by 2007-01-24.
> >
> > Russ Housley
> > Security AD
> >
> >
> > _______________________________________________
> > Ietf mailing list
> > Ietf@xxxxxxxx
> > https://www1.ietf.org/mailman/listinfo/ietf
> >
> 