[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: A little social engineering



Would you like to write an "ESP Shim" document proposing it?

At this point the following ciphers have been talked about (I'm talking in
vague terms here, just from my knowledge)

DES-CBC
3DES-EDE (I think that's how you say it precisely...)
RC4/ARCFOUR-128
RC5
CASTv5-128 (I trust Mr. Adams and/or the draft writers will correct my
spelling)

When I did the ARCFOUR cipher draft last spring I would hear from people --
"what about Blowfish", "What about CAST", "What about Safer", "What about
SEAL", etc.  Actually I think that's the three I heard people mention.

I believe we can only think about the ones we've got ESP and/or DOI
"paperwork" written for.  That means, today, we think about RC5 and CAST
and 3DES.  You want Safer?  This is a reasonable question, I believe, but
someone has to write a draft...

At 10:22 PM 6/20/97 +0100, you wrote:
>
>What's abouth SAFER ?
>
>Peter
>
>> Unfortunately, there doesn't seem to be any 'popular' alternatives to
>> DES that everyone could agree on being mandatory.
>> 
>>   - RC5 is patented by RSA and, I believe, is licensable
>>   - CAST-128 is patented by Entrust, but free and is relatively new
>>   - IDEA is patented by ETH and licensable from Ascom Systek
>> 
>> That leaves us with;
>> 
>>   - 3DES is slower than all of the above, but free
>>   - BlowFish is not that widely used and not that analyzed (Bruce
>> Schneir would disagree)
>> 
>> 
>> [ No slurs intended, since I'm definately not a cryptographer! ]
>> 
>> 
>> >----------
>> >From: 	Robert Moskowitz[SMTP:rgm3@chrysler.com]
>> >Sent: 	Friday, June 20, 1997 12:36 PM
>> >To: 	ipsec@tis.com
>> >Subject: 	A little social engineering
>> >
>> >For the moment, my Chrysler and AIAG hats are off, but my first comment as
>> >the new co-chair.
>> >
>> >Our Default cypher in the docs is 56bit DES, and I am not inclined to
>> >change it.
>> >
>> >However, perhaps agreement can be reached on a Recommended cypher of
>> >greater strength.  Now our official policy is we do not concern ourselves
>> >with any government policy like crypto export.  But if DES is giving us
>> >problems, 3DES is even worst.  I understand that Isreali companies have
>> >trouble exporting 3DES code, and no trouble exporting DES.
>> >
>> >So take a look at the various cyphers.  Perhaps we do not have to wait for
>> >AES to come up with a recommendation.
>> >
>> >Now putting my AIAG hat back on, this is of interest to me...
>> >
>> >
>> >
>> >Robert Moskowitz
>> >Chrysler Corporation
>> >(810) 758-8212
>> >
>> >
>
>
>
>
>
>


Follow-Ups: References: