[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggested wording for weak key lengths in IKEv2

To: paul.hoffman@vpnc.org
Subject: Re: Suggested wording for weak key lengths in IKEv2
From: Paul Koning <pkoning@equallogic.com>
Date: Thu, 26 Jun 2003 15:56:44 -0400
Cc: ipsec@lists.tislabs.com
References: <p05210625bb20e838dccf@[165.227.249.150]>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Paul" == Paul Hoffman </ VPNC <paul.hoffman@vpnc.org>> writes:

 Paul> The issue that has the most issue numbers is the deprecating
 Paul> DES and weak keys issue in the ipsec-ikev2-algorithms
 Paul> document. To resolve it, I propose the following changes for
 Paul> section 4.1.3:

 Paul> - ENCR_DES_IV64 and ENCR_DES be listed as "SHOULD NOT"

Great.

 Paul> - A sentence be added to the end of that section as a
 Paul> free-standing paragraph that says: "Implementations that use
 Paul> algorithms with variable-length keys SHOULD NOT use keys that
 Paul> are weaker than the effective strength of ENCR_3DES."

How about "... strength of ENCR_3DES (112 bits)."  Otherwise it might
cause confusion, because some will think that this rules out 128-bit
keys, which isn't the intent.

      paul

Follow-Ups:
- Re: Suggested wording for weak key lengths in IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

References:
- Suggested wording for weak key lengths in IKEv2
  - From: Paul Hoffman / VPNC <paul.hoffman@vpnc.org>

Prev by Date: RE: QoS selectors (was LAST CALL: IKE)
Next by Date: Re: Suggested wording for weak key lengths in IKEv2
Prev by thread: Re: Suggested wording for weak key lengths in IKEv2
Next by thread: Re: Suggested wording for weak key lengths in IKEv2
Index(es):
- Date
- Thread