[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 3DES (was: ipsec vs. firewalls)
Robert,
3DES should be baseline minimum.
Ron
--
Ronald A. Martin
IT Security Architect
Raytheon Systems Company
Box 92919 R11/M352
Los Angeles, CA 90009-2919
v310-364-8810 f310-322-1454
p800-208-8325 or 2088325@skymail.com
This is my personal opinion and not necessarily that of my employer.
Robert Moskowitz wrote:
>
> At 11:02 AM 5/8/98 -0400, Steve Bellovin wrote:
> >
> >A more interesting topic is whether or not 3DES should be mandatory-
> >to-implement. I suggest that it should be -- DES is obviously doomed
> >(pick your favorite time constant), and we should take that into
> >account. We're better off if the IPSEC boxes being deployed now are
> >ready to switch.
> >
> I am putting together the ICSA testing criteria for IPsec products for our
> aug/sep certification round (any vendor that will have PRODUCTION systems
> by July should subscribe to ipsec@icsa.net (majordomo list)).
>
> Right now I have 3DES grouped with IDEA and CAST as 'extra security'. If
> there is strong concensus among vendors and customers on 3DES, we could
> move 3DES to the baseline testing.
>
> Looking for input. Note our testing need not, and in fact when dealing
> with rekeying be locked down to the MUSTs.
>
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com
References: