
Ref.: Re: Ref.: Re: What is the standardization status of AES in IPSec?




Thank you for your precision about the value of information being sent
over the wires. I fully agree that IPsec must be designed for any use,
including the one we don't think of.

BTW, I believed that 40-bit DES encryption for export was often the usual
56 bits with 16 bits zeroed. I call it "limit the amount of entropy" ;-)
But I suppose it's highly implementation-dependent.

Regards,
--
Romain Berrendonner



                                                                                                                               
From:    Paul Koning <pkoning@equallogic.com>
To:      romain.berrendonner@sagem.com
cc:      ipsec@lists.tislabs.com
Subject: Re: Ref.: Re: What is the standardization status of AES in IPSec?
Date:    05/02/2002 17:59
                                                                                                                               
                                                                                                                               




Excerpt of message (sent 5 February 2002) by Romain BERRENDONNER:
>
> I wonder what is the use of having symmetric algorithms with
> keys longer than 128 bits. All the papers I read show that is sufficient
> for protecting data
> in the next 20 years ... And is data worth being protected during 20
> years sent over the wires ?

I would assume that it might be, absolutely.

> As I see things, IPsec provides a kind of 'tactical' security : it
> protects data during the time sufficient
> for making it irrelevant for an attacker. If I send my credit card number
> on the Internet, the information
> is valid for at most two years.

Not true, unless your credit card company changes your credit card
number (not just its expiration date) when it renews the card.  That
happens occasionally but it is not routine in my experience.

In any case, I don't think it's in the IPsec protocol goals to
protect only data that's worth protecting no longer than a year or two.

> Consequently, if I had to design a fully-secure IPsec implementation, I
> would focus on having good
> entropy in keys rather than the longest key size possible. And I do agree
> with you that mandating
> "good" entropy isn't a good idea : it would remove a way to fine-grain
> systems' security (i.e. for export
> purpose).

I don't know of any export controls that have ever limited the amount
of allowable entropy.  The only ones that have been used (in the USA,
at least) restrict key lengths.  And note that key length limitations,
while not completely gone, are very much less an issue than they were
in the past.  Finally, IPsec is in no way limited to exportable
encryption, nor should it be.  (See also RFC 1984.)

      paul