RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

["Yoav Nir" <ynir@CheckPoint.com>]

DES may be too weak for some applications, but it is a widely used standard.
It is up to the user to decide whether DES is strong enough for their
application or not.  We wish the standards to ensure interoperability, and
that means AES, 3DES and DES because these are widely implemented.

Blowfish and IDEA are relatively rare, and have not received the scrutiny
that DES and AES have.  That's why they should be discouraged.  Not because
they are weak, but because we don't know for sure how weak they are.

I agree though, that the argument for DES is no longer as strong as it was a
few years ago, when you had to support DES (and a DES-only license) to
export an encryption product out of the US.

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Paul Koning
Sent: Wednesday, June 11, 2003 3:54 PM
To: ynir@CheckPoint.com
Cc: paul.hoffman@vpnc.org; ipsec@lists.tislabs.com
Subject: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms


>>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:

 Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
 Yoav> I think those should be at least as discouraged as DES.

Why?  DES is known to be weak (inadequate key size), while the others
are (unless I missed something recent) not substantially weaker than
exhaustive search of their key.

Then again, RC4 shouldn't be in there at all since there is no spec
for the use of RC4 in IPsec.  Blowfish and IDEA are questionable for
the same reason, although there the generic CBC spec arguably can be
used.

      paul