[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: starting on asking THE QUESTION



At 14:55 15.7.1999 +0200, Robert wrote:
>
>             - DES in CBC mode [MD97]
>             - HMAC with MD5 [MG97a]
>             - HMAC with SHA-1 [MG97b]
>             - NULL Authentication algorithm
>             - NULL Encryption algorithm
>

Rodney wrote:
> I think we need to have a second cipher to use, in the event 3DES is
> found to be unsafe.  This is not a reflection on the quality of 3DES.
> In my opinion there are genuine legitimate concerns about the use of
> DES, and there are definitely people out there in the commercial world
> who wish to phase out it's use.

There is no actual need to do anything.
Everybody has implemented 3DES.
We do have a second cipher to use, and even a third one,
CAST-128 and blowfish. If people in the commercial world wish
to use something else than DES, they can.

If we add a "SHOULD implement CAST-128", does it matter? 

While we're at it, I'm very annoyed that there still are no
values for using DESX in ISAKMP and IPsec. Could
Mr. Tero "I have more ciphers than you have bits in your key" Kivinen 
please start the allocation of values to negotiate DESX, MARS, 
RC6, Rijndael, TwoFish and skipjack? Both Phase I and II.
There are so many open slots, it wouldn't matter if we allocate
numbers for all AES candidates.

Jörn



Follow-Ups: