[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Crypto algorithms for IKEv2
>>>>> "Phillip" == Phillip Hallam-Baker <Hallam-Baker> writes:
Phillip> At the RSA crypto panel Bruce told folk to use AES. better
Phillip> we all use the same thing.
Phillip> At this point I would rather we start deprecating algorithms
Phillip> rather than add more.
Phillip> I would especially like to get rid of RC4, including a
Phillip> stream cipher in a list of block ciphers is real bad news,
Phillip> especially when the traditional default has been a block
Phillip> cipher. There are lots of unexpected problems that occur
Phillip> with stream ciphers which is why lots of folk avoid them in
Phillip> designs.
Considering that IPsec doesn't work with stream ciphers, that would
seem to be a very good idea.
paul