[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 3DES (was: ipsec vs. firewalls)

To: Steve Bellovin <smb@research.att.com>, ipsec@tis.com
Subject: Re: 3DES (was: ipsec vs. firewalls)
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Fri, 08 May 1998 13:39:43 -0400
In-Reply-To: <199805081502.LAA06659@postal.research.att.com>
Sender: owner-ipsec@ex.tis.com

At 11:02 AM 5/8/98 -0400, Steve Bellovin wrote:
>
>A more interesting topic is whether or not 3DES should be mandatory-
>to-implement.  I suggest that it should be -- DES is obviously doomed
>(pick your favorite time constant), and we should take that into
>account.  We're better off if the IPSEC boxes being deployed now are
>ready to switch.
>
I am putting together the ICSA testing criteria for IPsec products for our
aug/sep certification round (any vendor that will have PRODUCTION systems
by July should subscribe to ipsec@icsa.net (majordomo list)).

Right now I have 3DES grouped with IDEA and CAST as 'extra security'.  If
there is strong concensus among vendors and customers on 3DES, we could
move 3DES to the baseline testing.

Looking for input.  Note our testing need not, and in fact when dealing
with rekeying be locked down to the MUSTs.

Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

Follow-Ups:

Re: 3DES (was: ipsec vs. firewalls)

From: "Ronald A Martin" <ramartin@hughes.com>

References:

3DES (was: ipsec vs. firewalls)

From: Steve Bellovin <smb@research.att.com>

Prev by Date: Re: ipsec vs. firewalls
Next by Date: Re: 3DES (was: ipsec vs. firewalls)
Next by thread: RE: [Karen Seo: Thomas Narten -- clarification, etc.]
Index(es):
- Main
- Thread