[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms


> >Why not make the requirement about effective strength?  That way, if 
> >ever it turns out that AES_128 can be broken in 2**90 steps, it 
> >automatically becomes a SHOULD NOT.

That's fine for a working guideline within the WG, but we need to
produce protocol specifications that don't require implementers
to do a serious analysis of the latest cryptographic literature
to determine whether 128-bit AES still has an effective strength
of at least 100 bits.  IMHO, that's this WG's responsibility, and
the new document structure should make it easier to update cipher
recommendations/requirements as things change.

> It MAY be simple, but it is wrong, so it SHOULD NOT be used.  
> WEP offers 128-bit keys, but only 24-bit security (or 12, 
> depending on your definition)

Again, it's the WG's responsibility in keep junk like that
(including horribly weak ciphers) out of the protocol specs;
I can't believe any of the cryptographers in this WG would
allow something as weak/broken as WEP to survive WG Last Call.

David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754