Hi Ray,
thanks for your thoughts on this subject.
Ray Bell wrote:
(Encryption)
ENCR_3DES
Comment: In October 1999, FIPS 64-3, the former specification for 3DES, was
withdrawn, so it would be better to cite "National Institute of Standards
and Technology, Recommendation for the Triple Data Encryption Algorithm
(TDEA) Block Cipher, Special Publication 800-67, May 2004" than RFC2451.
Maybe someone should also update RFC 4307 to add a MUST for encryption
pointing to the changed reference or to add something else there.
For EAP-GPSK: A good hint.
(Integrity)
AUTH_HMAC_SHA1_96
and
(Key Derivation)
PRF_HMAC_SHA1
Comment: With respect to requiring SHA1, consideration should be given to
the following NIST guidelines that were issued on March 15, 2006:
"The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and
SHA-512) may be used by Federal agencies for all applications using secure
hash algorithms. Federal agencies should stop using SHA-1 for digital
signatures, digital time stamping and other applications that require
collision resistance as soon as practical, and must use the SHA-2 family of
hash functions for these applications after 2010."
That's in line with the two sets of cipher suites where one aims for a
usage in the future (denoted as SHOULD+) and the other one for a more
near-time usage (MUST).
RFC 4307 says that AES128_CBC is a SHOULD+ as a pseudo random function.
Ciao
Hannes
Ray Bell
Grid Net, Inc.
-----Original Message-----
From: Bernard Aboba [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 22, 2006 9:30 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: emu@ietf.org
Subject: Re: [Emu] EAP-GPSK: Ciphersuites
let us for a moment assume that RFC 4307 makes some reasonable algorithm
choices (we are talking about IKEv2 here). If we take the text and apply it
to EAP-GPSK then we would produce something like:
Conservative Choice:
-----------------------
(Integrity)
AUTH_HMAC_SHA1_96 2 [RFC2404] MUST
(Encryption)
ENCR_3DES 3 [RFC2451] MUST-
(Key Derivation)
PRF_HMAC_SHA1 2 [RFC2104] MUST
(Note that there is no MUST for encryption algorithms specified in RFC
4307.)
Choice for the Future:
-----------------------
(Encryption)
ENCR_AES_CBC 12 [AES-CBC] SHOULD+
(Integrity)
AUTH_AES_XCBC_96 5 [AES-MAC] SHOULD+
(Key Derivation)
PRF_AES128_CBC 4 [AESPRF] SHOULD+
Does this sound like a terribly bad idea?
Actually, it sounds reasonable to me.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu