Steven, Counter mode is described in: W. Diffie and M. E. Hellman, "Privacy and Authentication: An Introduction to Cryptography," Proceedings of the IEEE, Vol. 67, March 1979, pp. 397-427. See Figure 18 on page 417. http://www-ee.stanford.edu/%7Ehellman/publications/32.pdf -- Bart Preneel ------------------------------------------------------------------------------- Katholieke Universiteit Leuven tel. +32 16 32 11 48 Dept. Electrical Engineering-ESAT / COSIC fax. +32 16 32 19 69 Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, BELGIUM bart.preneel@xxxxxxxxxxxxxxxx http://www.esat.kuleuven.be/~preneel ------------------------------------------------------------------------------- On Sat, 20 Jan 2007, Steven M. Bellovin wrote: > On Sat, 20 Jan 2007 14:45:26 -0800 > "Lawrence Rosen" <lrosen@xxxxxxxxxxxx> wrote: > > > > > For ESP encryption algorithms, the document that was sent out for > > > > Last Call contains the following table: > > > > > > > > Requirement Encryption Algorithm (notes) > > > > ----------- -------------------- > > > > MUST NULL (1) > > > > MUST- TripleDES-CBC [RFC2451] > > > > SHOULD+ AES-CBC with 128-bit keys [RFC3602] > > > > SHOULD AES-CTR [RFC3686] > > > > SHOULD NOT DES-CBC [RFC2405] (3) > > > > > > > > The Last Call comment suggests changing the "SHOULD+" for AES-CBC > > > > to "MUST." > > > > Are any of these encryption algorithms patented? > > [...] > > > That leaves CTR mode. I doubt very much that it's patented, since it's > been very well known for many years and NIST rarely standardizes > patented algorithms in this space (which I know you appreciate...). > However, I don't have any citations to prove this negative. > > --Steve Bellovin, http://www.cs.columbia.edu/~smb > > _______________________________________________ > Ipsec mailing list > Ipsec@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ipsec > Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf