[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
It MAY be simple, but it is wrong, so it SHOULD NOT be used. WEP offers
128-bit keys, but only 24-bit security (or 12, depending on your definition)
[mailto:firstname.lastname@example.org]On Behalf Of David Wagner
Sent: Monday, June 16, 2003 6:39 AM
Subject: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
Yoav Nir wrote:
>Why not make the requirement about effective strength? That way, if ever
>turns out that AES_128 can be broken in 2**90 steps, it automatically
>becomes a SHOULD NOT.
I don't recommend this.
I can just see the debates this might spawn. Cryptographers
already can't agree whether the Courtois-Pieprzyk attack works or
not, and that might be a 2^80 attack on AES -- if it works
(which nobody knows).
I'd recommend to keep it simple. KISS. Isn't it easier to simply write
that implementors SHOULD NOT use key sizes shorter than the default