[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

Paul Hoffman / VPNC  wrote:
>Any algorithm with a variable key size could be considerably weaker 
>than DES. Unless you are going to start listing key sizes and giving 
>each size a rating, saying SHOULD NOT for DES but MAY for some other 
>algorithm that can use 40-bit keys is silly.

I don't recall a MAY requirement for any 40-bit cipher.  We debated
40-bit ciphers a long time ago (remember export controls?), and we came
to consensus many years ago that 40-bit ciphers have no place in IPSec.
Are you saying there is a MAY requirement for a 40-bit cipher?  If so,
that should be fixed, but I don't believe it.

In short, I don't see how your argument is relevant to whether DES is
a SHOULD NOT, a MAY, or something else.

By the way, what matters is not whether a cipher could support 40-bit
keys, but whether, /as standardized in IPSec/, it uses 40-bit keys.
There's nothing wrong with the former; but the latter is to be avoided.