
Re: 3DES (was: ipsec vs. firewalls)



Steve Bellovin wrote:
> 
> I'm not sure that a discussion on the merits of firewalls is very
> profitable here.  Regardless of whether or not we like them, I think
> we can all agree that firewalls are real, and are likely to remain so,
> and IPSEC (and everything else) should take notice of them.
> 
> A more interesting topic is whether or not 3DES should be mandatory-
> to-implement.  I suggest that it should be -- DES is obviously doomed
> (pick your favorite time constant), and we should take that into
> account.  We're better off if the IPSEC boxes being deployed now are
> ready to switch.

I'd certainly argue that 3DES should be mandatory, but I'm of the
  "encrypt 'til it hurts, then back off 3dB" school.

There's certainly still a perception that breaking 56-bit
  DES is "hard".  The mindset seems to be that "your average
  pimply teen hacker" isn't going to bother assembling a
  brute-forcing farm.  It's not, of course, the "pimply teen hackers"
  that concern me--and neither should they represent the threat
  model we're (IETF/IPSEC WG) trying to guard against.

I could, of course, argue that CAST-128 should be mandatory, but that
  would be letting my corporate loyalty show through :-)

