[IPsec] revisiting 3DES and -graveyard
Benjamin Kaduk <kaduk@mit.edu> Wed, 15 April 2020 02:13 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FCA33A151B for <ipsec@ietfa.amsl.com>; Tue, 14 Apr 2020 19:13:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QXddDs5DeUsu for <ipsec@ietfa.amsl.com>; Tue, 14 Apr 2020 19:13:25 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36A173A151A for <ipsec@ietf.org>; Tue, 14 Apr 2020 19:13:24 -0700 (PDT)
Received: from mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 03F2DLbm003434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <ipsec@ietf.org>; Tue, 14 Apr 2020 22:13:23 -0400
Date: Tue, 14 Apr 2020 19:13:21 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: ipsec@ietf.org
Message-ID: <20200415021321.GI88064@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/IyE2dP17oKPFXeBgSs6hjfjXiIE>
Subject: [IPsec] revisiting 3DES and -graveyard
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2020 02:13:26 -0000
Hi all, I see in https://datatracker.ietf.org/meeting/104/materials/minutes-104-ipsecme-00 that we didn't want to get rid of 3DES at that time. Do we have a sense for how quickly that will change, the scope of existing deployments, etc.? In particular, would a general-purpose OS's implementation cause problems for its consumers if the next release dropped support? (Noting that consumers could stay on an old OS release to match the old algorithms, at least for a while.) Thanks, Ben
- [IPsec] revisiting 3DES and -graveyard Benjamin Kaduk
- Re: [IPsec] revisiting 3DES and -graveyard Paul Wouters
- [IPsec] revisiting 3DES and -graveyard Tero Kivinen
- Re: [IPsec] revisiting 3DES and -graveyard Michael Richardson
- Re: [IPsec] revisiting 3DES and -graveyard Robert Moskowitz
- Re: [IPsec] revisiting 3DES and -graveyard Benjamin Kaduk
- Re: [IPsec] revisiting 3DES and -graveyard Michael Richardson
- Re: [IPsec] revisiting 3DES and -graveyard Dan Brown
- Re: [IPsec] revisiting 3DES and -graveyard Paul Wouters