[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

To: ynir@CheckPoint.com
Subject: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
From: Paul Koning <pkoning@equallogic.com>
Date: Wed, 11 Jun 2003 09:53:53 -0400
Cc: paul.hoffman@vpnc.org, ipsec@lists.tislabs.com
References: <16103.11318.799282.793338@pkoning.dev.equallogic.com><000401c33027$f5ca27b0$292e1dc2@YnirNew>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:

 Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
 Yoav> I think those should be at least as discouraged as DES.

Why?  DES is known to be weak (inadequate key size), while the others
are (unless I missed something recent) not substantially weaker than
exhaustive search of their key.

Then again, RC4 shouldn't be in there at all since there is no spec
for the use of RC4 in IPsec.  Blowfish and IDEA are questionable for
the same reason, although there the generic CBC spec arguably can be
used. 

      paul

Follow-Ups:
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: "Yoav Nir" <ynir@CheckPoint.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Koning <pkoning@equallogic.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: "Yoav Nir" <ynir@CheckPoint.com>

Prev by Date: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Next by Date: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Prev by thread: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Next by thread: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Index(es):
- Date
- Thread