(Encryption) ENCR_3DES Comment: In October 1999, FIPS 64-3 the former specification for 3DES was withdrawn, so it would be better to cite "National Institute of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67, May 2004" than RFC2451
(Integrity) AUTH_HMAC_SHA1_96 and (Key Derivation) PRF_HMAC_SHA1 Comment: With respect to requiring SHA1, consideration should be given to the following NIST guidelines that were issued on March 15, 2006: "The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010." Ray Bell Grid Net, Inc. -----Original Message----- From: Bernard Aboba [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 22, 2006 9:30 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [email protected] Subject: Re: [Emu] EAP-GPSK: Ciphersuites > >let us for a moment assume that RFC 4307 makes some reasonable algorithm >choices (we are talking about IKEv2 here). If we take the text and apply it >to EAP-GPSK then we would produce something like: > >Conservative Choice: >----------------------- > >(Integrity) > AUTH_HMAC_SHA1_96 2 [RFC2404] MUST > >(Encryption) > ENCR_3DES 3 [RFC2451] MUST- > >(Key Derivation) > PRF_HMAC_SHA1 2 [RFC2104] MUST > >(Note that there is no MUST for encryption algorithms specified in RFC >4307.) > > >Choice for the Future: >----------------------- > >(Encryption) > ENCR_AES_CBC 12 [AES-CBC] SHOULD+ > >(Integrity) > AUTH_AES_XCBC_96 5 [AES-MAC] SHOULD+ > >(Key Derivation) > PRF_AES128_CBC 4 [AESPRF] SHOULD+ > >Does this sound like a terrible bad idea? Actually, it sounds reasonable to me. _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
