Jon Callas
jon at callas.org
Tue Feb 16 21:17:39 EST 2021
More information about the cryptography mailing list
- Previous message (by thread): [Cryptography] AES GCM insecure vs OCB1/OCB3 ??
- Next message (by thread): [Cryptography] Preventing correlation on rebinding connection identifiers.
> On Feb 16, 2021, at 11:37 AM, Paul Wouters <paul at cypherpunks.ca> wrote:
>
> On Sat, 13 Feb 2021, Jon Callas wrote:
>
>> Use OCB. It's faster and more secure than GCM. It's also now free of all patent issues. I talked to Phil Rogaway about it earlier in the year
>
> It would be useful if Rogaway could make a public statement somewhere on
> this, because as far as I can see, it is still not allowed for IKE/IPsec
> based on the latest public information I have.

Yeah, it would. The deal, which is publicly verifiable from the PTO, is that he stopped paying the PTO upkeep fee, and so the patents are all now abandoned. I wrote him because I went to the PTO to check on expiry dates and saw that and thought "huh?" about it. He verified that it was intentional as a way to put the matter to bed without license games.

>
> side note: with ghash in hardware, is OCB still faster than GCM?

I think so, because OCB is using AES in hardware.

Jon