RE: Last ditch proposal for crypto suites



Hi Paul,

I agree with you. SHA1 is the right choice. No one has presented a plausible
argument why IPsec should migrate to SHA2 for data origin authenticity.

There are other selections needed to complete the cipher suite:

1. PRF
2. Diffie-Hellman group
3. RSA key size

SHA2 might be an appropriate choice to use in the PRF, given that it was
designed with the intent of supporting 128- and 256-bit key derivation. I am
only raising a point for discussion, not making or defending a suggestion.

-- Jesse

> -----Original Message-----
> From: Paul Koning [mailto:pkoning@equallogic.com]
> Sent: Friday, August 30, 2002 7:29 AM
> To: Alten@attbi.com
> Cc: Charlie_Kaufman@notesdev.ibm.com; ipsec@lists.tislabs.com
> Subject: Re: Last ditch proposal for crypto suites
> 
> 
> >>>>> "Alex" == Alex Alten <Alten@attbi.com> writes:
> 
>  Alex> At 05:58 PM 8/29/2002 -0400, Charlie_Kaufman@notesdev.ibm.com
>  Alex> wrote:
>  >> I propose that we remove the text for a la carte negotiation from
>  >> the IKEv2 spec,
>  Alex> ...
> 
>  Alex> We only need to spec two MUST have suites.  RSA/3DES-CBC/SHA-1
>  Alex> and RSA/AES-CTR-128/SHA-2.  Forget the rest, they are going
>  Alex> into the dustbin of history.  Details like PFS, HMAC should be
>  Alex> the same across the suites.
> 
> I almost agree, except I'd make the second SHA-1 since SHA-2 is so
> new.  If people insist on SHA-2, then add RSA/AES/SHA-1 instead, as a
> third suite.
> 
>       paul
>