[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggested wording for weak key lengths in IKEv2

On Thu, 26 Jun 2003, Paul Hoffman / VPNC wrote:
> - ENCR_DES_IV64 and ENCR_DES be listed as "SHOULD NOT"
> - A sentence be added to the end of that section as a free-standing 
> paragraph that says: "Implementations that use algorithms with 
> variable-length keys SHOULD NOT use keys that are weaker than the 
> effective strength of ENCR_3DES."

This sounds good to me, except that I would be tempted to pin down the
latter more by adding "(112 bits)" at the end.

                                                          Henry Spencer