SPC-4, 07-449r9: Should we mandate AES-GCM or AES-CBC-HMAC for IKEv2-SCSI

Date: Wed, 19 Sep 2007 18:06:18 -0600
From: "Matt Ball" <matt.ball@IEEE.org>
To: t10@t10.org
Subject: SPC-4, 07-449r9: Should we mandate AES-GCM or AES-CBC-HMAC for IKEv2-SCSI
Cc: "David Black" <Black_David@emc.com>
X-Message-Number: 8100
Formatted message: HTML-formatted message

Now that we've preliminarily decided to allow both the 128-bit and 256-bit
columns in IKEv2-SCSI (T10/07-449), the next straw poll for the group is to
decide which symmetric encryption mode to mandate for IKEv2-SCSI.  The
choices are as follows:
a) AES-GCM; or
b) AES-CBC-HMAC-SHA
GCM is generally faster in both software and hardware implementations.
CBC-HMAC-SHA is currently FIPS 140-2-approved (SP 800-38A + FIPS 198a + FIPS
180-2).  However, NIST will likely approve SP 800-38D (GCM) by the time
IKEv2-SCSI is finished.
Please check with your crypto dudes and let David Black and me know which
choice you prefer, and whether this is a strong preference.  I'm hoping we
can resolve this by the next CAP security conference call, or Vegas at the
latest.
-- 
Thanks!
Matt Ball
IEEE SISWG Chair
303-717-2717
http://www.linkedin.com/in/matthewvball