[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Yoav Nir wrote:
>Why not make the requirement about effective strength? That way, if ever it
>turns out that AES_128 can be broken in 2**90 steps, it automatically
>becomes a SHOULD NOT.
I don't recommend this.
I can just see the debates this might spawn. Cryptographers
already can't agree whether the Courtois-Pieprzyk attack works or
not, and that might be a 2^80 attack on AES -- if it works
(which nobody knows).
I'd recommend to keep it simple. KISS. Isn't it easier to simply write
that implementors SHOULD NOT use key sizes shorter than the default