SPC-4, 07-449r9: Should we mandate AES-GCM or AES-CBC-HMAC for IKEv2-SCSI

Matt Ball matt.ball at IEEE.org
Wed Sep 19 17:06:18 PDT 2007


Formatted message: <A HREF="r0709192_f.htm">HTML-formatted message</A>

Now that we've preliminarily decided to allow both the 128-bit and 256-bit
columns in IKEv2-SCSI (T10/07-449), the next straw poll for the group is to
decide which symmetric encryption mode to mandate for IKEv2-SCSI.  The
choices are as follows:
a) AES-GCM; or
b) AES-CBC-HMAC-SHA
GCM is generally faster in both software and hardware implementations.
CBC-HMAC-SHA is currently FIPS 140-2-approved (SP 800-38A + FIPS 198a + FIPS
180-2).  However, NIST will likely approve SP 800-38D (GCM) by the time
IKEv2-SCSI is finished.
Please check with your crypto dudes and let David Black and me know which
choice you prefer, and whether this is a strong preference.  I'm hoping we
can resolve this by the next CAP security conference call, or Vegas at the
latest.
-- 
Thanks!
Matt Ball
IEEE SISWG Chair
303-717-2717
http://www.linkedin.com/in/matthewvball



More information about the T10 mailing list