[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Suggested wording for weak key lengths in IKEv2
On Thu, 26 Jun 2003, Paul Hoffman / VPNC wrote:
> - ENCR_DES_IV64 and ENCR_DES be listed as "SHOULD NOT"
> - A sentence be added to the end of that section as a free-standing
> paragraph that says: "Implementations that use algorithms with
> variable-length keys SHOULD NOT use keys that are weaker than the
> effective strength of ENCR_3DES."
This sounds good to me, except that I would be tempted to pin down the
latter more by adding "(112 bits)" at the end.
Henry Spencer
henry@spsystems.net