[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new second mandatory IPsec cipher
Although I'm no longer a regular reader of IPSec list, I've been directed
over here, as this affects the proposed AS that's been pending for a year.
Here are the mandatory to implement ciphers I recommended 2-3 years ago:
1) DESX to replace DES. Even before Deep Crack, we thought DES was weak,
and recommended it not be for long term use. After Deep Crack, it is
just foolhardy. DESX is very easy for vendors to retrofit into their
boxen. Ease of implementation wins in my book.
2) 3DES for stronger (financial) cryptography. It has been selected by
the banking community, and thus a good selling point. The core is
DES, which means it is easy to implement in existing code. See above.
3) CAST5-128. Speed. Memory. Key setup. Free. Wins in every category
that I'd hope for. I'd like to see a non-DES in the toolkit. I'm just
not confident that it has "enough" analysis for the "strongest" cipher.
Blowfish is OK, but I'm not sure vendors have enough room for it in the
product line. And there are memory and key setup issues.
I think having 3 mandatory to implement ciphers gives a nice range of
functionality, promotes interoperability, and provides an escape when
one proves too weak (as it did with DES).
Someday, there will be an AES selection. But, until then, keep the number
of MANDATORY to implement a very small number.
Rodney Thayer wrote:
>
> We've been talking about declaring a second mandatory to implement cipher,
> or in some way declaring a new second cipher for IPsec. ....
WSimpson@UMich.edu
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
References: