[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggested wording for weak key lengths in IKEv2

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Suggested wording for weak key lengths in IKEv2
From: Henry Spencer <henry@spsystems.net>
Date: Thu, 26 Jun 2003 14:48:36 -0400 (EDT)
In-Reply-To: <p05210625bb20e838dccf@[165.227.249.150]>
Sender: owner-ipsec@lists.tislabs.com

On Thu, 26 Jun 2003, Paul Hoffman / VPNC wrote:
> - ENCR_DES_IV64 and ENCR_DES be listed as "SHOULD NOT"
> - A sentence be added to the end of that section as a free-standing 
> paragraph that says: "Implementations that use algorithms with 
> variable-length keys SHOULD NOT use keys that are weaker than the 
> effective strength of ENCR_3DES."

This sounds good to me, except that I would be tempted to pin down the
latter more by adding "(112 bits)" at the end.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- Suggested wording for weak key lengths in IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: RE: QoS selectors (was LAST CALL: IKE)
Next by Date: RE: QoS selectors (was LAST CALL: IKE)
Prev by thread: Suggested wording for weak key lengths in IKEv2
Next by thread: Re: Suggested wording for weak key lengths in IKEv2
Index(es):
- Date
- Thread