[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
At 9:53 AM -0400 6/11/03, Paul Koning wrote:
> >>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:
>
> Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
> Yoav> I think those should be at least as discouraged as DES.
>
>Why? DES is known to be weak (inadequate key size), while the others
>are (unless I missed something recent) not substantially weaker than
>exhaustive search of their key.
Any algorithm with a variable key size could be considerably weaker
than DES. Unless you are going to start listing key sizes and giving
each size a rating, saying SHOULD NOT for DES but MAY for some other
algorithm that can use 40-bit keys is silly.
--Paul Hoffman, Director
--VPN Consortium