[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES (was: ipsec vs. firewalls)

To: Steve Bellovin <smb@research.att.com>
Subject: Re: 3DES (was: ipsec vs. firewalls)
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Fri, 8 May 1998 13:40:37 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: ipsec@tis.com
In-Reply-To: Steve Bellovin's message of Fri, 08 May 1998 11:02:21 -0400,<199805081502.LAA06659@postal.research.att.com>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

   Date: Fri, 08 May 1998 11:02:21 -0400
   From: Steve Bellovin <smb@research.att.com>

   A more interesting topic is whether or not 3DES should be mandatory-
   to-implement.  I suggest that it should be -- DES is obviously doomed
   (pick your favorite time constant), and we should take that into
   account.  We're better off if the IPSEC boxes being deployed now are
   ready to switch.

While I agree with you, we might need to have another one of Jeff's
famous straw polls in Chicago (the "Chicago doctrine", anyone?), given
the U.S. Goverment's special hostility to triple-DES.  Given that
vendors living behind the cryptographic iron curtain weren't all that
happy about making DES mandatory, I'd suspect that they would howl over
making triple-DES mandatory.

						- Ted

Follow-Ups:

Re: 3DES (was: ipsec vs. firewalls)

From: Daniel Harkins <dharkins@cisco.com>

References:

3DES (was: ipsec vs. firewalls)

From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: 3DES (was: ipsec vs. firewalls)
Next by Date: Re: 3DES (was: ipsec vs. firewalls)
Next by thread: RE: [Karen Seo: Thomas Narten -- clarification, etc.]
Index(es):
- Main
- Thread