The statement i [1] is about AES, and is very true. AES-192 is very seldom used, and people tend to jump directly to AES-256.
For ECC curves, the opposite is true, people tend to use P-384 instead of P-521. Most likely because of that P-384 is used in suite B. According to [2], Google Chrome recently dropped support of P-521. [2] https://support.globalsign.com/customer/portal/articles/1995283-ecc-compati bility The security level of the AES_256_GCM_SHA384-algorithms is clearly no more than 192 as SHA-384 is used. On 12/10/15 15:18, "Sean Turner" <s...@sn3rd.com> wrote: >It is interesting to note that in discussing update IPSec’s RFC 4307 >somebody suggested making 192 a MAY because folks only use 128/256 [1]. > >spt > >[1] http://mailarchive.ietf.org/arch/msg/ipsec/1F5h4j-dP5dLPCCAqg4iqgjjYFE > >On Oct 12, 2015, at 05:01, John Mattsson <john.matts...@ericsson.com> >wrote: > >> I think the selection of MTI Cipher Suites (Section 8.1 of >>draft-ietf-tls-tls13-09) is excellent, but I am missing a recommended >>ECC curve for the “SHOULD” cipher suites. Little benefit of using >>AES-256 with P-256 or curve25519. Shouldn’t there be a SHOULD implement >>ECC curve giving at least 192-bit security? E.g. >> >> "These cipher suites SHOULD support both digital signatures and key >>exchange with secp384r1 (NIST P-384)." >> >> Cheers, >> John >> >> <13DEFB94-F735-49B0-8196-BDB5C9017A32[3].png> >> >> JOHN MATTSSON >> MSc Engineering Physics, MSc Business Administration and Economics >> Ericsson IETF Security Coordinator >> Senior Researcher, Security >> >> Ericsson AB >> Ericsson Research >> Färögatan 6 >> SE-164 80 Stockholm, Sweden >> Phone +46 10 71 43 501 >> SMS/MMS +46 76 11 53 501 >> john.matts...@ericsson.com >> www.ericsson.com >> >> >> <D377E800-0A1A-43D3-AF5E-165F697789B5[3].png> >> >> This Communication is Confidential. We only send and receive email on >>the basis of the terms set out atwww.ericsson.com/email_disclaimer >> >> _______________________________________________ >> TLS mailing list >> TLS@ietf.org >> https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
