[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Paul Hoffman / VPNC <email@example.com> writes:
> At 9:53 AM -0400 6/11/03, Paul Koning wrote:
> > >>>>> "Yoav" == Yoav Nir <firstname.lastname@example.org> writes:
> > Yoav> So RC4, Blowfish and IDEA are "MAY", but DES is "SHOULD NOT"?
> > Yoav> I think those should be at least as discouraged as DES.
> >Why? DES is known to be weak (inadequate key size), while the others
> >are (unless I missed something recent) not substantially weaker than
> >exhaustive search of their key.
> Any algorithm with a variable key size could be considerably weaker
> than DES. Unless you are going to start listing key sizes and giving
> each size a rating, saying SHOULD NOT for DES but MAY for some other
> algorithm that can use 40-bit keys is silly.
It might be a good idea to have a SHOULD NOT for too-short key lengths
(maybe under 'Security Considerations'), independent of algorithm.
The IKE RFC, for instance, says
> For this reason, a prf function whose output is less than 128 bits
> (e.g., 3DES-CBC) MUST never be used with this protocol.
Proposed wording is:
Implementors and administrators should carefully consider what
algorithms and key sizes are appropriate for each situation; as a
minimum, an implementation SHOULD NOT use an algorithm with a key size
of 64 bits or less in its default configuration.
- Geoffrey Keating <email@example.com>