[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
At 4:48 PM +0000 6/11/03, David Wagner wrote:
>I don't recall a MAY requirement for any 40-bit cipher. We debated
>40-bit ciphers a long time ago (remember export controls?), and we came
>to consensus many years ago that 40-bit ciphers have no place in IPSec.
>Are you saying there is a MAY requirement for a 40-bit cipher? If so,
>that should be fixed, but I don't believe it.
draft-ietf-ipsec-ikev2-algorithms-02.txt, the document under
discussion, has MAY level for many encryption algorithms that have
key sizes down to 40. It's pretty clear in the draft, regardless of
what you believe.
>By the way, what matters is not whether a cipher could support 40-bit
>keys, but whether, /as standardized in IPSec/, it uses 40-bit keys.
>There's nothing wrong with the former; but the latter is to be avoided.
Anyone who wanted to write a replacement for RFC 2451 has had almost
five years to do so; so far, no one has.
--Paul Hoffman, Director