| Re: crypto algorithms for DTLS | <– Date –> <– Thread –> |
From: Pat Calhoun (pacalhou) (pcalhoun cisco.com)
|
|
| Date: Thu, 4 Jan 2007 13:28:26 -0800 (PST) | |
Issue
230 has been created to track this issue.
Pat Calhoun
CTO, Wireless Networking Business
Unit
Cisco Systems
From: Abhijit Choudhury [mailto:abhijit10425 [at] yahoo.com]
Sent: Friday, December 22, 2006 11:36 AM
To: capwap [at] frascone.com
Subject: [Capwap] crypto algorithms for DTLSFolks,The current draft mentions the following
o TLS_RSA_WITH_AES_128_CBC_SHAo TLS_RSA_WITH_3DES_EDE_CBC_SHA
mandatory modes for DTLS in CAPWAP. There wassome discussion in the past about theshortcomings of 3DES when used for DTLS inCAPWAP. That would leave AES_128_CBC_SHA
as the leading candidate for use in DTLS forCAPWAP.I would propose adding AES-GCM (with GMAC) asa mandatory mode. This is already supported inIPSec (RFC 4106) and also in 802.1ae. Thisalgorithm provides significant performanceimprovement in both hardware and softwareimplementations. (see http://eprint.iacr.org/2004/193.pdf)When we move to 802.11n, the aggregation of trafficfrom many 11n APs at the AC will imply thatwe will need crypto algorithms with highthroughput. Supporting AES-GCM would help.Comments ?Regards,Abhijit
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
- Re: crypto algorithms for DTLS, (continued)
- Re: crypto algorithms for DTLS Joseph Salowey (jsalowey), July 10 2008
- Re: crypto algorithms for DTLS Scott Kelly, July 11 2008
- Re: crypto algorithms for DTLS Abhijit Choudhury (achoudhu), July 10 2008
- Re: crypto algorithms for DTLS Margaret Wasserman, July 11 2008
Results generated by Tiger Technologies using MHonArc.