[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Réf. : Re: What is the standardization status ofAES in IPSec?




I wonder what is the use of having symetric algorithms with
keys longer than 128bits. All the papers I read show that is sufficient for
protecting data
in the next 20 years ... And is data worth being protected during 20 years
sent over the wires ?

As I see things, IPsec provides a kind of 'tactical' security : it protects
data during the time sufficient
for making it irrelevant for an attacker. If I send my credit card number
on the Internet, the information
is valid for at most two years. If I send the price of a new range of
products, it is confidential
while my products aren't for sale in a shop.

Consequently, If I had to design a fully-secure Ipsec implementation, I
would focus on having good
entropy in keys rather than the longest key size possible. And I do agree
with you that mandating
"good" entropy isn't a good idea : it would remove a way to fine-grain
systems' security (i.e. for export
purpose).

Regards
--
Romain Berrendonner



                                                                                                                                    
                    Paul Koning                                                                                                     
                    <pkoning@equallogic        Pour :  jari.arkko@kolumbus.fi                                                       
                    .com>                      cc :    ipsec@lists.tislabs.com, (ccc : Romain BERRENDONNER/DRD/SAGEM)               
                    Envoyé par :               Objet :      Re: What is the standardization status of AES in IPSec?                 
                    owner-ipsec@lists.t                                                                                             
                    islabs.com                                                                                                      
                                                                                                                                    
                                                                                                                                    
                    04/02/2002 20:18                                                                                                
                                                                                                                                    
                                                                                                                                    




>>>>> "Jari" == Jari Arkko <jari.arkko@kolumbus.fi> writes:

 >> I'm curious as to how many people believe that a MUST for a
 >> 128-bit AES key means a MUST for 128 bits of entropy in the key.

 Jari> I don't. While I believe we should move to AES as soon as
 Jari> possible, I don't necessarily believe in the statement that all
 Jari> components of the protocol set must be equally strong; you
 Jari> should be able to take advantage of a new good algorithm even
 Jari> if you can't for e.g. computational reasons increase
 Jari> Diffie-Hellman key lengths quite as much.

 Jari> Thus, I believe we should standardize groups matching AES
 Jari> strength, but not make them mandatory. And we need to explain
 Jari> the strength issues somewhere.

Agreed 100%.  Make sure the option is there -- don't mandate it.

       paul