[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Suggested wording for weak key lengths in IKEv2



> NO NO NO NO NO!  That means we have a standard which means different
> things to different people, and nobody can tell which interpretation is
> right!  This is TOTALLY UNACCEPTABLE.
> 
> If the problem is that people don't agree on 3DES's "effective strength",
> then get rid of those words, and say something people can understand and
> agree on, like "minimum 100 bits".

Agreed.  

We know that the key size is an upper bound on effective strength.
And it's an objective measure which doesn't change as research
evolves.

To select an actual value quickly, maybe we should just pick N
cryptographers at random, have each suggest a recommended minimum
symmetric key bit length and just take the average. ;-)

					- Bill