
No Subject



Posted-Date: Thu, 15 Jul 1999 12:59:01 -0500 (CDT)
Message-Id: <4.1.19990715125053.00ab4530@mail.visi.com>
X-Sender: schneier@mail.visi.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Thu, 15 Jul 1999 12:51:54 -0500
To: jerome@psti.com, ipsec@lists.tislabs.com
From: Bruce Schneier <schneier@counterpane.com>
Subject: Re: your mail
In-Reply-To: <19990715120554.A3699@jerome.psti.com>
References: <199907151404.KAA11142@lists.tislabs.com>
 <199907151404.KAA11142@lists.tislabs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

At 12:05 PM 7/15/99 -0400, jerome@psti.com wrote:
>On Thu, Jul 15, 1999 at 10:04:12AM -0400, Bruce Schneier wrote:
>[snip]
>
>> I think giving users a choice is a bad idea, and
>> that one strong cipher is better than two strong ciphers.
>
>if ipsec is deployed with 2 ciphers A and B, and a major weakness is found
>out in A, you still have the choice to use B.
>if A was the only cypher, you have to upgrade all the software/hardware.

There's not going to be a major weakness found in triple-DES.  That seems like
a pretty far-fetched thing to worry about.  I would spend my effort worrying
about the implementation security of IPSec.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com