[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

Paul Hoffman / VPNC  wrote:
>draft-ietf-ipsec-ikev2-algorithms-02.txt, the document under 
>discussion, has MAY level for many encryption algorithms that have 
>key sizes down to 40. It's pretty clear in the draft, regardless of 
>what you believe.

Ok, I didn't realize that.  I'm not convinced this respects the consensus
established by the working group years ago, but arguing about this might
take us into a rathole from which we never recover, so let's not go there.

Instead, let me just note that the situation with
draft-ietf-ipsec-ikev2-algorithms-02.txt is very different from the
situation with DES.  DES can't go higher than 56 bits.  The algorithms
in draft-ietf-ipsec-ikev2-algorithms-02.txt go up to 128 bits and higher,
and indeed, their default is 128 bits.

So, I still think DES should be a SHOULD NOT.

And, if consistency matters, there's a simple fix.  Let's change
draft-ietf-ipsec-ikev2-algorithms-02.txt to make clear that short keys
SHOULD NOT be used, just like DES SHOULD NOT be used.  I'm fine with that.

I do think the DES issue is more important in practice than the
draft-ietf-ipsec-ikev2-algorithms-02.txt issue.  Not many implementations
will use, say, Blowfish, and for those that do, it's pretty unlikely
they will go out of their way to use a smaller-than-default key size.
(If they do, maybe they deserve what they get.)  But it is quite likely
that many implementations will use DES with its 56 bit keys.

As a result, I feel it is more important to fix the DES issue than to
worry about Blowfish minimum key sizes.  If we don't do anything, the
DES failure mode could become widespread, while the Blowfish failure
mode is likely to be very rare.

As a result, if there is some reason we can't fix the
draft-ietf-ipsec-ikev2-algorithms-02.txt minimum key size issue, we
shouldn't let that stop us from fixing the DES issue.  Getting security
right is more important than consistency.  But if we can fix the
ikev2-algorithms draft, I have no objection to upping the Blowfish
minimum key sizes, if that is preferable.  It's not a bad idea.