[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new second mandatory IPsec cipher

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: Re: new second mandatory IPsec cipher
From: "Armen M. Hayrapetyan" <armenh@hitegrity.sci.am>
Date: Wed, 14 Jul 1999 13:01:12 +0400
Sender: owner-ipsec@lists.tislabs.com

On Tue, 13 Jul 1999, Rodney Thayer wrote:

> We've been talking about declaring a second mandatory to implement cipher,
> or in some way declaring a new second cipher for IPsec.  This would be to
> change from DES and 3DES to 3DES and <something>.  It seems this needs
> to be discussed on the list.  So, here goes.
> 
> I think we need to have a second cipher to use, in the event 3DES is
> found to be unsafe.  This is not a reflection on the quality of 3DES.
> In my opinion there are genuine legitimate concerns about the use of
> DES, and there are definitely people out there in the commercial world
> who wish to phase out it's use.
> 
> What should we use instead?  Well, there are apparently three choices:
> 
> -- DESX
> -- BLOWFISH
> -- CAST-128

I think the list is too short (taking into account that DESX could be excluded
at once for apparent reasons).

The best solution would be to wait till the end of AES selection process, but
unfortunately it could take too long; and we also have our share of concerned
customers.

So if the decision must be made immediately I would like to add several
other algorithms to the list (maybe SAFER, IDEA). Or we can wait till the
end of the year and then consider some of the AES candidates, and by that
time IMHO it will be easy to guess which one has most chances to win.

-Armen

Prev by Date: Re: new second mandatory IPsec cipher - updated choice list
Next by Date: Re: new second mandatory IPsec cipher
Prev by thread: Re: new second mandatory IPsec cipher
Next by thread: Re: new second mandatory IPsec cipher
Index(es):
- Main
- Thread