[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

At 9:53 AM -0400 6/11/03, Paul Koning wrote:
>  >>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:
>  Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
>  Yoav> I think those should be at least as discouraged as DES.
>Why?  DES is known to be weak (inadequate key size), while the others
>are (unless I missed something recent) not substantially weaker than
>exhaustive search of their key.

Any algorithm with a variable key size could be considerably weaker 
than DES. Unless you are going to start listing key sizes and giving 
each size a rating, saying SHOULD NOT for DES but MAY for some other 
algorithm that can use 40-bit keys is silly.

--Paul Hoffman, Director
--VPN Consortium