[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC WORKING GROUP LAST CALL

To: Daniel Harkins <dharkins@cisco.com>
Subject: Re: IPSEC WORKING GROUP LAST CALL
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 21 Feb 1998 19:18:42 -0500
cc: perry@piermont.com, ipsec@tis.com
In-reply-to: Your message of "Fri, 20 Feb 1998 16:12:26 PST." <199802210012.QAA03298@dharkins-ss20.cisco.com>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

Daniel Harkins writes:
> > Well, okay, but be that as it may, 40 bit encryption remains worthless
> > for confidentiality, and becomes even less worthwhile by the day. An
> > RFC defining how to do it puts an implicit IETF imprimateur on a bad
> > practice. I'd rather it not be standardized or endorsed in any
> > fashion.
> 
> You should've read my post before you got carried away with that knee
> jerk reaction. I said "'40 bit DES' is out." I was suggesting standardization
> on a cipher which takes variable-length key, such as Blowfish, and _not_
> 40 bit DES. 

Fine. We should be making sure that our Blowfish standard explicitly
states that anything smaller than 90 bits of key (the length
recommended as a minimum by the Blaze et al paper) doesn't conform
with any RFC we put out. Anything that permits a 40 bit key to conform
with an IETF standard is really not something I can support. 56 bit
DES is a joke already -- I can barely support standardizing *that*,
let alone 40 bit key capable algorithms.

>   Given the amount of times "IETF approved" is used in vain your arguments
> about the sanctity of the IETF imprimatur reminds me of someone defending
> the good name of a prostitute. Give it up, her virginity was gone long ago.

"We know that people have committed fraud in the past. Why not just
shut up and let more people do it again in the future!"

Because we are better than that. Because not all of us are whores.
Because some of us still have the illusion that the IETF doesn't exist
as a job program for vendors selling trash. Because some of us have
morals.

>   The real problem it seems to me is the blind faith that someone would put
> in the statement "RFC compliant" or "IETF approved" or "security expert".
> Especially if it come out of a marketing brochure.

People out there do not have an understanding of security. They depend
on people like me to help them out, and there aren't enough of me to
go around, so they sometimes are forced to treat things like IETF
standards documents as a good housekeeping seal. It is unreasonable to
expect everyone on earth to spend years of their life getting to the
point where they understand our field as well as we do. Like it or
not, it is up to us to rise to the occassion.

>   You're right, this is about "engineering". What is your non-political
> opposition to standardization on Blowfish? It's free, it's (pretty) fast,
> and it supports 448-bit keys if you're really hung up on key length (and
> it appears you are).

I actually don't like the key scheduling in Blowfish and am not sure
how much I trust the algorithm. None the less, I'll happily support an
RFC standardizing the use of Blowfish with keys of 90 bits and above.

Perry

References:

Re: IPSEC WORKING GROUP LAST CALL

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: Export of Weak Crypto Rathole....
Next by Date: Re: key derivation for ESP Authentication Algorithm
Prev by thread: Re: IPSEC WORKING GROUP LAST CALL
Next by thread: Re: IPSEC WORKING GROUP LAST CALL
Index(es):
- Main
- Thread