RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Why not make the requirement about effective strength? That way, if ever it
turns out that AES_128 can be broken in 2**90 steps, it automatically
becomes a SHOULD NOT.
-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Black_David@emc.com
Sent: Saturday, June 14, 2003 1:31 AM
To: ipsec@lists.tislabs.com
Subject: RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
> Me too. With a statement that keys weaker than a certain
> level (say, 128 bits although 96 is probably enough) SHOULD
> NOT be used, I can live with DES being demoted to a SHOULD NOT.
>
> Still, I think that DES fits better with the definition of
> MAY: "One vendor may choose to include the item because a
> particular marketplace requires it or because the vendor
> feels that it enhances the product while another vendor may
> omit the same item."
We need to write requirements that have a reasonable lifetime;
keep in mind how long the MUST for DES survived. DES is already
embarrassingly weak, and will only get weaker.
In the algorithms draft, I'd like to see:
- SHOULD NOT use DES
- SHOULD NOT use keys shorter than 128 bits
The latter is about key length, not effective strength of the
cipher against best known attack.
Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
black_david@emc.com Mobile: +1 (978) 394-7754
----------------------------------------------------