[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What is the standardization status of AES in IPSec?



I think you are asking for key exchange groups that match the
*maximum* strength of each AES key.  But can you say why that is that
actually necessary, at this time?

As for explaining strength issues, there's
draft-orman-public-key-lengths-05.txt.

Hilarie

>  > I'm curious as to how many people believe that a MUST for a 128-bit AES
>  > key means a MUST for 128 bits of entropy in the key.

>  I don't. While I believe we should move to AES as soon as possible, I
>  don't necessarily believe in the statement that all components of the
>  protocol set must be equally strong; you should be able to take advantage
>  of a new good algorithm even if you can't for e.g. computational reasons
>  increase Diffie-Hellman key lengths quite as much.

>  Thus, I believe we should standardize groups matching AES strength,
>  but not make them mandatory. And we need to explain the strength
>  issues somewhere.

>  Jari