On 10/22/12 8:32 PM, "Paul Hoffman" <[email protected]> wrote:
>On Oct 22, 2012, at 4:55 PM, David McGrew (mcgrew) <[email protected]> >wrote: > >> One thing that deserves to be on the agenda is a discussion of the need >>to >> update the ESP and AH crypto requirements, which have not been updated >> since 2007, and to provide guidance on how to use ESP and AH to achieve >> security goals. I have a draft proposing what that could look like, >> draft-mcgrew-ipsec-me-esp-ah-reqts-00. This is off-charter, but I >> believe that it is something that many people would agree is worth >>doing. > >You may be overstating that "many people" agree that it is worth doing, >but it is certainly worth discussing. > >> Of course, comments on the detailed requirements are welcome as well. > >Your listing of TripleDES as "SHOULD NOT" without any cryptographic >justification might raise some eyebrows. The issue is that 3DES has a 64-bit block instead of a 128-bit block; please see draft-irtf-cfrg-cipher-catalog-01 Section 2.2.3. (In retrospect, there should have been a citation in the draft.) David > >--Paul Hoffman _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
