[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

To: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>
Subject: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
From: Geoff Keating <geoffk@geoffk.org>
Date: 11 Jun 2003 14:44:57 -0700
Cc: ipsec@lists.tislabs.com
In-Reply-To: <p05210602bb0d0633620f@[63.202.92.152]>
References: <16103.11318.799282.793338@pkoning.dev.equallogic.com><000401c33027$f5ca27b0$292e1dc2@YnirNew><16103.13425.642338.266792@pkoning.dev.equallogic.com><p05210602bb0d0633620f@[63.202.92.152]>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:

> At 9:53 AM -0400 6/11/03, Paul Koning wrote:
> >  >>>>> "Yoav" == Yoav Nir <ynir@checkpoint.com> writes:
> >
> >  Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
> >  Yoav> I think those should be at least as discouraged as DES.
> >
> >Why?  DES is known to be weak (inadequate key size), while the others
> >are (unless I missed something recent) not substantially weaker than
> >exhaustive search of their key.
> 
> Any algorithm with a variable key size could be considerably weaker
> than DES. Unless you are going to start listing key sizes and giving
> each size a rating, saying SHOULD NOT for DES but MAY for some other
> algorithm that can use 40-bit keys is silly.

It might be a good idea to have a SHOULD NOT for too-short key lengths
(maybe under 'Security Considerations'), independent of algorithm.
The IKE RFC, for instance, says

> For this reason, a prf function whose output is less than 128 bits
> (e.g., 3DES-CBC) MUST never be used with this protocol.

Proposed wording is:

Implementors and administrators should carefully consider what
algorithms and key sizes are appropriate for each situation; as a
minimum, an implementation SHOULD NOT use an algorithm with a key size
of 64 bits or less in its default configuration.

-- 
- Geoffrey Keating <geoffk@geoffk.org>

References:
- Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Koning <pkoning@equallogic.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: "Yoav Nir" <ynir@CheckPoint.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Koning <pkoning@equallogic.com>
- RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: Re: Fwd: LAST CALL: IKE Crypto documents I-D's
Next by Date: RE: LAST CALL: IKE Crypto documents I-D's
Prev by thread: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Next by thread: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Index(es):
- Date
- Thread