[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)

To: Bill Sommerfeld <sommerfeld@east.sun.com>
Subject: Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)
From: Tobias Poppe <udta@stud.uni-karlsruhe.de>
Date: Wed, 11 Jun 2003 23:35:41 +0200
Cc: IP Security List <ipsec@lists.tislabs.com>
In-Reply-To: <200306111554.h5BFsXq3001831@thunk.east.sun.com>
References: <Pine.BSI.3.91.1030611105602.20473J-100000@spsystems.net> <200306111554.h5BFsXq3001831@thunk.east.sun.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mutt/1.4.1i

Hi,

On Wed, Jun 11, 2003 at 11:54:33AM -0400, Bill Sommerfeld wrote:
> > The FreeS/WAN project dropped single-DES support over four years ago, at
> > management insistence.  This caused surprisingly few interoperability
> > problems.  (There were one or two.)  I think it is now quite safe to say
> > that DES-only environments involve either obsolete software or specialized
> > requirements -- a perfect case for SHOULD NOT.
> 
> One more vote for SHOULD NOT.

One more vote for SHOULD NOT.

Single-DES should be treated like NULL cipher. It has been broken.
People will start laughting at you if this goes into the RFC any different
than SHOULD NOT.

> 						- Bill

-tp
p.s. I actually know people who are already 'amused' that this topic
requires such an extensive discussion.
p.s.s.: History taught us that the 'we let it up to the user to decide'-attitude
does not work in the real world.

References:
- SHOULD NOT DES (was RE: Editorial: Use of MAY...)
  - From: Henry Spencer <henry@spsystems.net>
- Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)
  - From: Bill Sommerfeld <sommerfeld@east.sun.com>

Prev by Date: Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)
Next by Date: question about IKE on IPv4 and IPv6
Prev by thread: Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)
Next by thread: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Index(es):
- Date
- Thread