Re: What is the standardization status of AES in IPSec?



>>>>> "Jari" == Jari Arkko <jari.arkko@kolumbus.fi> writes:

 >> I'm curious as to how many people believe that a MUST for a
 >> 128-bit AES key means a MUST for 128 bits of entropy in the key.

 Jari> I don't. While I believe we should move to AES as soon as
 Jari> possible, I don't necessarily believe in the statement that all
 Jari> components of the protocol set must be equally strong; you
 Jari> should be able to take advantage of a new good algorithm even
 Jari> if you can't for e.g. computational reasons increase
 Jari> Diffie-Hellman key lengths quite as much.

 Jari> Thus, I believe we should standardize groups matching AES
 Jari> strength, but not make them mandatory. And we need to explain
 Jari> the strength issues somewhere.

Agreed 100%.  Make sure the option is there -- don't mandate it.

       paul