[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last ditch proposal for crypto suites



Paul Koning <pkoning@equallogic.com> writes:
> I was mostly referring to the export control stuff, and you're right,
> that's only about a third of the total. 
> 
> Then again, while there may have been fairly good reasons back then to
> include DES, those clearly no longer apply.
Yes, because we now have AES.

>  Eric> I suspect you may be referring to the DH/DSS cipher suites as
>  Eric> well. I don't know for sure why those were there, but I don't
>  Eric> believe that it was in fact political, since it was done before
>  Eric> DH/DSS went royalty free and Netscape had an RSA license
>  Eric> anyway.
> 
> I wasn't, but that's another place where the situation has changed
> significantly. 
Actually, it hasn't as much as you'd think. Aside from the brief
period when DH was royalty free and RSA was not, the rationale
for DH was PFS. In practice it turns out that noone really
cares about PFS, at least for SSL. OTOH, it's possible that
noone would care about PFS for IPsec if we weren't so set on
giving it to them :(

> Trying to
> argue against suites based on the length of the SSL suite list is
> misleading.
The current problem with cipher suites is much more about
vanity algorithms than it is about the length of the 
existing cipher suite list. Because suites are monolithic,
a vanity algorithm means defining 5-8 new suites, not just
one algorithm ID.  That's why I'd like to see IPsec have
rules for what it takes to add a new algorithm ID.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/