Re: What is the standardization status of AES in IPSec?
I think you are asking for key exchange groups that match the
*maximum* strength of each AES key. But can you say why that is
actually necessary, at this time?
As for explaining strength issues, there's
draft-orman-public-key-lengths-05.txt.
Hilarie
> > I'm curious as to how many people believe that a MUST for a 128-bit AES
> > key means a MUST for 128 bits of entropy in the key.
> I don't. While I believe we should move to AES as soon as possible, I
> don't necessarily believe in the statement that all components of the
> protocol set must be equally strong; you should be able to take advantage
> of a new good algorithm even if you can't for e.g. computational reasons
> increase Diffie-Hellman key lengths quite as much.
> Thus, I believe we should standardize groups matching AES strength,
> but not make them mandatory. And we need to explain the strength
> issues somewhere.
> Jari