Re: Slicing and dicing

"Theodore Y. Ts'o" <tytso@MIT.EDU> Fri, 12 September 1997 21:19 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA10381 for ipsec-outgoing; Fri, 12 Sep 1997 17:19:43 -0400 (EDT)
Date: Fri, 12 Sep 1997 17:28:18 -0400
Message-Id: <199709122128.RAA05863@dcl.MIT.EDU>
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Stephen Kent <kent@bbn.com>
Cc: Cheryl Madson <cmadson@cisco.com>, ipsec@tis.com
In-Reply-To: Stephen Kent's message of Fri, 12 Sep 1997 16:31:27 -0400, <v03102816b03f554fed0a@[128.89.0.110]>
Subject: Re: Slicing and dicing
Address: 1 Amherst St., Cambridge, MA 02139
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

I should have acknowledged that it was Steve that pointed out to me
that the issue of weak and semi-weak keys really wasn't a big issue in
DES-CBC; my apologies for not pointing this out.  I agree with Steve's
suggestion that ISAKMP have a generic facility for rejecting keying
material if it is deemed to be insecure for some reason.  It would seem
to me that this would simply be a matter of defining a new ISAKMP Notify
Message Error Type:

	WEAK-KEY-REJECTED	27

... and then adding some text in the various encryption algorithm
documents stating that under some circumstances weak keys need to be
rejected using this ISAKMP error.  Given that weak keys are
algorithm-specific, it would seem that this text would have to go in the
encryption algorithm documents.

Would this satisfy folks?

BTW, I'd suggest not including the weak and semi-weak keys, and I'd
suggest NOT referencing Schneier; instead, I'd suggest referencing the
original FIPS documents, since that's much more authoritative, and they
*are* easily available on the web.

						- Ted
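
An added example, not part of the original message or of any ISAKMP implementation: one way a responder could detect DES weak and semi-weak keys structurally, from the PC-1 permutation in FIPS 46, without carrying a list of the keys. The function names are hypothetical, and the notify value 27 is the one proposed in the message above, not an assigned number.

```python
# PC-1 (Permuted Choice 1) from FIPS 46: selects the 56 key bits, skipping
# the parity bits 8, 16, ..., 64, and splits them into halves C and D.
PC1_C = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
         10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36]
PC1_D = [63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
         14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]

# Notify Message Error Type as proposed in the message above (assumption:
# a proposal on the list, not a registered value).
WEAK_KEY_REJECTED = 27

CONSTANT = {"0" * 28, "1" * 28}        # unchanged by any rotation
ALTERNATING = {"01" * 14, "10" * 14}   # only two distinct rotations


def _half(key: bytes, table) -> str:
    """Apply one half of PC-1; FIPS numbers bits 1..64 from the MSB."""
    bits = int.from_bytes(key, "big")
    return "".join(str((bits >> (64 - pos)) & 1) for pos in table)


def classify_des_key(key: bytes) -> str:
    """Return 'weak', 'semi-weak' or 'ok' for an 8-byte DES key.

    The key schedule only rotates C and D, so constant halves give 16
    identical subkeys (weak) and alternating halves give just two
    distinct subkeys (semi-weak). Parity bits never reach C or D, so
    keys with wrong parity are classified the same way.
    """
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    c, d = _half(key, PC1_C), _half(key, PC1_D)
    if c in CONSTANT and d in CONSTANT:
        return "weak"
    if c in CONSTANT | ALTERNATING and d in CONSTANT | ALTERNATING:
        return "semi-weak"
    return "ok"


def check_keying_material(key: bytes):
    """Return None to accept the key, else the notify type to send."""
    return None if classify_des_key(key) == "ok" else WEAK_KEY_REJECTED
```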