
Re: your mail



All,

> > I think giving users a choice is a bad idea, and
> > that one strong cipher is better than two strong ciphers.
> 
> if ipsec is deployed with 2 ciphers A and B, and a major weakness is found
> out in A, you still have the choice to use B.
> if A was the only cypher, you have to upgrade all the software/hardware.

I agree that by requiring two MUST's, we ensure that there is a viable
alternative in deployed implementations if one of the MUST ciphers should be
compromised in the future.  If there's only one, you're completely hosed.

RE: 3DES to historic when AES is announced

I would oppose this move at this time.  Even when AES is announced, there's no
way it's going to have had the same scrutiny that DES, hence 3DES, has had in
fielded implementations.  There will come a time when we want to deprecate
3DES, but that's not the day AES comes out.

RE: AES, in general

It seems a no-brainer to me that the AES choice be added to IPSEC as a MUST
implement cipher once it's decided.

Derrell

