Issue7

Title: crypto algorithms for DTLS
Priority: wish
Status: deferred
Superseder:
Nosy List: pcalhoun
Assigned To:
Topics:

Created on 2007-07-18.21:18:57 by pcalhoun, last changed 2007-07-18.21:18:57 by pcalhoun.

Messages
msg7 Author: pcalhoun Date: 2007-07-18.21:18:57
Folks,
The current draft mentions the following

   o  TLS_RSA_WITH_AES_128_CBC_SHA
 
   o  TLS_RSA_WITH_3DES_EDE_CBC_SHA

mandatory modes for DTLS in CAPWAP. There was 
some discussion in the past about the
shortcomings of 3DES when used for DTLS in
CAPWAP.  That would leave AES_128_CBC_SHA
as the leading candidate for use in DTLS for
CAPWAP.
 
I would propose adding AES-GCM (with GMAC) as 
a mandatory mode.  This is already supported in 
IPsec (RFC 4106) and also in 802.1ae.  This
algorithm provides significant performance
improvement in both hardware and software 
implementations. (see http://eprint.iacr.org/2004/193.pdf)
When we move to 802.11n, the aggregation of traffic
from many 11n APs at the AC will imply that
we will need crypto algorithms with high
throughput. Supporting AES-GCM would help.

History
Date                 User      Action  Args
2007-07-18 21:18:57  pcalhoun  create