[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

At 4:48 PM +0000 6/11/03, David Wagner wrote:
>I don't recall a MAY requirement for any 40-bit cipher. We debated
>40-bit ciphers a long time ago (remember export controls?), and we came
>to consensus many years ago that 40-bit ciphers have no place in IPSec.
>Are you saying there is a MAY requirement for a 40-bit cipher?  If so,
>that should be fixed, but I don't believe it.

draft-ietf-ipsec-ikev2-algorithms-02.txt, the document under 
discussion, has MAY level for many encryption algorithms that have 
key sizes down to 40. It's pretty clear in the draft, regardless of 
what you believe.

>By the way, what matters is not whether a cipher could support 40-bit
>keys, but whether, /as standardized in IPSec/, it uses 40-bit keys.
>There's nothing wrong with the former; but the latter is to be avoided.

Anyone who wanted to write a replacement for RFC 2451 has had almost 
five years to do so; so far, no one has.

--Paul Hoffman, Director
--VPN Consortium