RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

["Yoav Nir" <ynir@CheckPoint.com>]

Why not make the requirement about effective strength?  That way, if ever it
turns out that AES_128 can be broken in 2**90 steps, it automatically
becomes a SHOULD NOT.

-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Black_David@emc.com
Sent: Saturday, June 14, 2003 1:31 AM
To: ipsec@lists.tislabs.com
Subject: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms


> Me too.  With a statement that keys weaker than a certain
> level (say, 128 bits although 96 is probably enough) SHOULD
> NOT be used, I can live with DES being demoted to a SHOULD NOT.
>
> Still, I think that DES fits better with the definition of
> MAY: "One vendor may choose to include the item because a
> particular marketplace requires it or because the vendor
> feels that it enhances the product while another vendor may
> omit the same item."

We need to write requirements that have a reasonable lifetime;
keep in mind how long the MUST for DES survived.  DES is already
embarrassingly weak, and will only get weaker.

In the algorithms draft, I'd like to see:
	- SHOULD NOT use DES
	- SHOULD NOT use keys shorter than 128 bits
The latter is about key length, not effective strength of the
cipher against best known attack.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------