Capwap Mailing List: Re: crypto algorithms for DTLS

[Charles Clancy (clancy]

Abhijit,

Due to the use of DTLS, we're stuck with TLS ciphersuites.  Use of 
something like GCM would require a TLS GCM ciphersuite.  There is work 
on a GCM ciphersuite now, but it requires ECC rather than RSA.  I don't 
think we're quite ready to make ECC mandatory to implement.  Maybe once 
draft-ietf-tls-ctr is done, we could consider some CTR encryption modes.

--
t. charles clancy, ph.d.  |  tcc [at] umd.edu  |  www.cs.umd.edu/~clancy


Abhijit Choudhury wrote:
> Folks,
> The current draft mentions the following
>
>    o  TLS_RSA_WITH_AES_128_CBC_SHA
>  
>    o  TLS_RSA_WITH_3DES_EDE_CBC_SHA
>
> mandatory modes for DTLS in CAPWAP. There was
> some discussion in the past about the
> shortcomings of 3DES when used for DTLS in
> CAPWAP.  That would leave AES_128_CBC_SHA
> as the leading candidate for use in DTLS for
> CAPWAP.
>  
> I would propose adding AES-GCM (with GMAC) as
> a mandatory mode.  This is already supported in
> IPSec (RFC 4106) and also in 802.1ae.  This
> algorithm provides significant performance
> improvement in both hardware and software
> implementations. (see http://eprint.iacr.org/2004/193.pdf)
> When we move to 802.11n, the aggregation of traffic
> from many 11n APs at the AC will imply that
> we will need crypto algorithms with high
> throughput. Supporting AES-GCM would help.
>  
> Comments ?
>  
> Regards,
> Abhijit
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
>
> ------------------------------------------------------------------------
>
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/capwap
>
> Archives: http://lists.frascone.com/pipermail/capwap