1 | | I would note that aside from NIST SP 800-38D, another reason to add them is the European Union Agency for Network and Information Security 2013 Algorithms, Key Sizes and Parameters Report, published October 2013, which states: |
2 | | |
3 | | "This means at the time of writing we would only recommend the following cipher suites, for |
4 | | future use within TLS |
5 | | • _WITH_Camellia\index{Camellia}_128_GCM_SHA256, |
6 | | • _WITH_AES_128_GCM_SHA256, |
7 | | • _WITH_Camellia\index{Camellia}_256_GCM_SHA384, |
8 | | • _WITH_AES_256_GCM_SHA384, |
9 | | • _WITH_AES_128_CCM, |
10 | | • _WITH_AES_128_CCM_8, |
11 | | • _WITH_AES_256_CCM, |
12 | | • _WITH_AES_256_CCM_8. |
13 | | where is suffix denoting the underlying key exchange primitive." |
14 | | (\index{Camellia} typos from original document). |
| 1 | I would note that aside from NIST SP 800-38D, another reason to add them is the European Union Agency for Network and Information Security 2013 Algorithms, Key Sizes and Parameters Report, published October 2013, which endorses GCM. |