[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
>>>>> "Yoav" == Yoav Nir <ynir@CheckPoint.com> writes:
Yoav> DES may be too weak for some applications, but it is a widely
Yoav> used standard. It is up to the user to decide whether DES is
Yoav> strong enough for their application or not. We wish the
Yoav> standards to ensure interoperability, and that means AES, 3DES
Yoav> and DES because these are widely implemented.
There are lots of RFCs that say SHOULD NOT or MUST NOT for security
weaknesses. Just because you can argue "the customer should decide
whether xyz is strong enough" doesn't justify a MAY there -- and I
don't think it does here, either.
Yoav> Blowfish and IDEA are relatively rare, and have not received
Yoav> the scrutiny that DES and AES have. That's why they should be
Yoav> discouraged. Not because they are weak, but because we don't
Yoav> know for sure how weak they are.
Ok, then the simple answer is to remove them entirely from the spec,
because they aren't really specified explicitly anyway for IPsec and
probably not implemented anywhere anyway.
paul