Re: 3DES (was: ipsec vs. firewalls)

["Ronald A Martin" <ramartin@hughes.com>]

Robert,
3DES should be baseline minimum.
	Ron
-- 
Ronald A. Martin
IT Security Architect
Raytheon Systems Company
Box 92919   R11/M352
Los Angeles, CA  90009-2919
v310-364-8810 f310-322-1454
p800-208-8325 or 2088325@skymail.com

This is my personal opinion and not necessarily that of my employer.



Robert Moskowitz wrote:
> 
> At 11:02 AM 5/8/98 -0400, Steve Bellovin wrote:
> >
> >A more interesting topic is whether or not 3DES should be mandatory-
> >to-implement.  I suggest that it should be -- DES is obviously doomed
> >(pick your favorite time constant), and we should take that into
> >account.  We're better off if the IPSEC boxes being deployed now are
> >ready to switch.
> >
> I am putting together the ICSA testing criteria for IPsec products for our
> aug/sep certification round (any vendor that will have PRODUCTION systems
> by July should subscribe to ipsec@icsa.net (majordomo list)).
> 
> Right now I have 3DES grouped with IDEA and CAST as 'extra security'.  If
> there is strong concensus among vendors and customers on 3DES, we could
> move 3DES to the baseline testing.
> 
> Looking for input.  Note our testing need not, and in fact when dealing
> with rekeying be locked down to the MUSTs.
> 
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com

---

References:

• Re: 3DES (was: ipsec vs. firewalls)
• From: Robert Moskowitz <rgm-sec@htt-consult.com>

---

• Prev by Date: Re: ipsec vs. firewalls
• Next by Date: Re: Latest AH/ESP/Arch drafts and changes
• Next by thread: RE: [Karen Seo: Thomas Narten -- clarification, etc.]
• Index(es):
  • Main
  • Thread