[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

>>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:

 Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
 Yoav> I think those should be at least as discouraged as DES.

Why?  DES is known to be weak (inadequate key size), while the others
are (unless I missed something recent) not substantially weaker than
exhaustive search of their key.

Then again, RC4 shouldn't be in there at all since there is no spec
for the use of RC4 in IPsec.  Blowfish and IDEA are questionable for
the same reason, although there the generic CBC spec arguably can be