[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)

> You're still jumping to conclusions -- the fact that you have not heard
> from me about the variable-length ciphers tells you nothing about my
> position on them, so you cannot legitimately infer that I consider dealing
> with them unimportant.  (And your "zero encryption" remark remains odd,
> because none of the RFC 2451 variable-length ciphers goes down to
> zero.)

And the null cipher for ESP is qualitatively different; it's an
alternative to AH for applications where privacy is clearly not

> My position on them actually lines up closely with David Wagner's most
> recent message:  they *are* lower priority -- not because they are better,
> but because they are little-used and do have at least the option of longer
> keys -- but it would nevertheless be good to deal with them too.  Dealing
> properly with DES, however, is *important*.

And, for the record, "What Henry Said".

						- Bill