Re: Suggested wording for weak key lengths in IKEv2

[Paul Hoffman / VPNC <paul.hoffman@vpnc.org>]

At 3:56 PM -0400 6/26/03, Paul Koning wrote:
>  Paul> - A sentence be added to the end of that section as a
>  Paul> free-standing paragraph that says: "Implementations that use
>  Paul> algorithms with variable-length keys SHOULD NOT use keys that
>  Paul> are weaker than the effective strength of ENCR_3DES."
>
>How about "... strength of ENCR_3DES (112 bits)."  Otherwise it might
>cause confusion, because some will think that this rules out 128-bit
>keys, which isn't the intent.

As noted on the list, not everyone agrees that the effective strength 
of TripleDES is 112 bits, given differing values for amount of RAM 
and so on. I think it is better to just leave it as "effective 
strength" and let folks decide what that means.

If anyone reads the sentence and think that it means that AES-128 
(which is listed as a SHOULD) is weaker than TripleDES, well, I don't 
think I would call them an implementer that we need to worry about...

--Paul Hoffman, Director
--VPN Consortium