Re: [IPsec] revisiting 3DES and -graveyard

[Benjamin Kaduk <kaduk@mit.edu>]

Thanks all for the responses; this helps me get a better picture of the
state of things and our future direction!

On Wed, Apr 15, 2020 at 11:03:49AM -0400, Michael Richardson wrote:
> 
> Benjamin Kaduk <kaduk@mit.edu> wrote:
>     > I see in
>     > https://datatracker.ietf.org/meeting/104/materials/minutes-104-ipsecme-00
>     > that we didn't want to get rid of 3DES at that time.  Do we have a sense
>     > for how quickly that will change, the scope of existing deployments,
>     > etc.?
> 
>     > In particular, would a general-purpose OS's implementation cause problems
>     > for its consumers if the next release dropped support?  (Noting that
>     > consumers could stay on an old OS release to match the old algorithms, at
>     > least for a while.)
> 
> 1) They all have AES128, and have had it for at least a decade.
> 
> 2) general-purpose OS implementations are (sadly) *not* being used by the majority
>    of "VPN" users, whether that's site-to-site or remote-access.
>    Except on iOS and Android, where OS-provided IKEv2/IPsec is winning,
>    and I'll bet they could drop 3DES tomorrow.
> 
> The last time I have seen 3DES configured was for site-to-site VPNs between
> different (medical!) enterprises because neither side could be sure what the
> other side had, and equipment was old.  They didn't dare change the configuration, or
> replace the hardware.  (Cargo culting...) This was maybe 6 years ago.

Funnily enough, we see a similar thing in the Kerberos world, with 3DES
cross-realm keys set up decades ago that everyone is afraid to touch :)
(It turns out that most of the time you don't actually need to get both
administrators in the same room to update things, and it can be done
asynchronously and asymmetrically, by one administrator at a time.)

-Ben