Re: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Paul Hoffman <paul.hoffman@vpnc.org> Thu, 13 October 2005 20:25 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ9eG-0003JU-L0; Thu, 13 Oct 2005 16:25:56 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EQ9eF-0003JP-1g for ipsec@megatron.ietf.org; Thu, 13 Oct 2005 16:25:55 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA15378 for <ipsec@ietf.org>; Thu, 13 Oct 2005 16:25:51 -0400 (EDT)
Received: from above.proper.com ([208.184.76.39]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EQ9oo-0008Rr-2d for ipsec@ietf.org; Thu, 13 Oct 2005 16:36:51 -0400
Received: from [10.20.30.249] (dsl2-63-249-92-231.cruzio.com [63.249.92.231]) (authenticated bits=0) by above.proper.com (8.12.11/8.12.9) with ESMTP id j9DKPkVE023779; Thu, 13 Oct 2005 13:25:46 -0700 (PDT) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0
Message-Id: <p0623091cbf747314f936@[10.20.30.249]>
In-Reply-To: <20051013135917.GG3069@everywhere.east.sun.com>
References: <B356D8F434D20B40A8CEDAEC305A1F24019A5FB6@esebe105.NOE.Nokia.com> <20051013135917.GG3069@everywhere.east.sun.com>
Date: Thu, 13 Oct 2005 13:25:44 -0700
To: Dan McDonald <danmcd@sun.com>, Pasi.Eronen@nokia.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [Ipsec] Key length attribute (was: Important changes in draft-hoffman-rfc3664bis; please review)
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228
Cc: ipsec@ietf.org, kivinen@iki.fi
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IP Security <ipsec.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
Sender: ipsec-bounces@ietf.org
Errors-To: ipsec-bounces@ietf.org
At 9:59 AM -0400 10/13/05, Dan McDonald wrote: > > Does this look right to you? > >Except for one thing, yes it does. > >That one thing: > > - IKE is supposed to be algorithm-agile. Let's say some grinning > weirdo comes up with a better-than-AES algorithm, or worse, some > other grinning weirdo breaks AES and we NEED a new cipher. > > How will we handle ciphers in the future? > >There are two ways to solve this: > > 1.) All algorithms must have a default key length that is used when > no key-length attribute is present. This means picking a default > size for AES. > > 2.) All new algorithms with variable-sized keys are treated like AES, > and MUST include a key-length attribute. > >I don't care which one of those two is picked, but one of them must be used >to maintain algorithm-agility. I strongly support the second one. Default key lengths are of no use to the user, and are easy to mis-implement, particularly many years from now when the vogue may change. --Paul Hoffman, Director --VPN Consortium _______________________________________________ Ipsec mailing list Ipsec@ietf.org https://www1.ietf.org/mailman/listinfo/ipsec
- [Ipsec] Key length attribute (was: Important chan… Pasi.Eronen
- Re: [Ipsec] Key length attribute (was: Important … Dan McDonald
- Re: [Ipsec] Key length attribute (was: Important … Paul Hoffman
- [Ipsec] Key length attribute (was: Important chan… Tero Kivinen
- RE: [Ipsec] Key length attribute (was: Important … Pasi.Eronen
- RE: [Ipsec] Key length attribute (was: Important … Tero Kivinen