
Re: Agenda for the Minneapolis meeting



If AES is a must, would export be an issue? I am not sure what the rules
around AES are. Would we then have to mandate the DH Group as well? I do not
want to re-hash the argument that we have had at every IETF for the last 2
years regarding this. In the networking world, and the security world, choices are
just a part of life. 3DES is a MUST, AES is a SHOULD, and DES is a NOT.
However, it is always the person deploying this technology that has to
understand the risks. A protocol does not define a security policy, but
facilitates its application.

Scott
----- Original Message -----
From: "Sandy Harris" <sandy@storm.ca>
To: <ipsec@lists.tislabs.com>
Sent: Thursday, March 15, 2001 9:26 AM
Subject: Re: Agenda for the Minneapolis meeting


> Dan Harkins wrote:
>
> >            - advances in the state-of-the-art should deprecate some of the
> >              mandatory options-- DES, group1-- and that can happen in a
> >              rewrite.
>
> Can we please have AES as a MUST?
>
> It has survived really intensive analysis. The teams for other AES candidates
> had several of the world's top people on them -- Biham, Coppersmith, ... None
> of them found flaws in Rijndael.
>
> It is roughly 10 times 3DES speed in software. Schneier gives figures in AC2
> that have Blowfish more than 3 times single DES speed. He says elsewhere Twofish
> is faster than Blowfish, and AES tests showed Twofish and Rijndael roughly
> comparable.
>
> Finally, there are several readily available implementations with open licenses.
> At least the reference implementation on the authors' site and Brian Gladman's
> version.


