Bill Sommerfeld wrote:
> Anyone with an opinion on this topic who has *not* yet spoken up should do so sooner rather than later. Please keep Russ CC:ed in this discussion.
Having read various other comments and thought about it a bit, my favoured solution is to REQUIRE 3des-ctr if *any* of the newmodes ciphers are implemented. Additionally, would a conditional REQUIRE be possible for aes128-ctr? Something along the lines of "we'd really, really like you to implement this, but we recognize that not everyone's hardware is going to be big enough to squeeze in both 3des and aes implementations". If that's not possible, my vote goes for just requiring 3des-ctr, since it's the thing that it's most likely to be possible to support across all implementations.
In an ideal world, I'd require aes256-ctr (and none of the others), but practicality leads me instead to the above approach...
-- 
Jon Bright
Silicon Circus Ltd.
http://www.siliconcircus.com