Paul Hoffman wrote:
> >You may be overstating that "many people" agree that it is worth doing,
> >but it is certainly worth discussing.

I'm definitely interested in that discussion, as I'm in the midst of
an update to the IPsec requirements for iSCSI.

David McGrew wrote:
> The issue is that 3DES has a 64-bit block instead of a 128-bit block;
> please see draft-irtf-cfrg-cipher-catalog-01 Section 2.2.3. (In
> retrospect, there should have been a citation in the draft.)

That suggests that an explanation of the birthday bound concern
along with a discussion of transmission rate and rekeying concerns
would be appropriate for the ESP and AH requirements draft, as
opposed to a blanket "SHOULD NOT" statement for 3DES.

A 1 Gbit/sec link running encrypted at line rate can get to the 4
Gigabyte birthday bound stated in the cfrg draft fairly quickly, but
a much slower throughput rate may take much longer before rekeying
becomes necessary, if ever (e.g., a remote access session's entire
traffic may be measured in 10s of Megabytes or less).

Aside - there may be a math error in the draft.
For a block size (w) of 64 (i.e., 2^6):

- w * 2^(w/2) bits = 2^6 * 2^32 bits = 2^38 bits
- 2^38 bits is 2^35 bytes (byte contains 8=2^3 bits)
- 2^35 bytes is 2^5 gigabytes (gigabyte contains 2^30 bits).

That would be 32 gigabytes, but this aside doesn't change the
above discussion, as a 1 Gbit/sec rate will get there in a few
minutes, and a 10 Gbit/sec rate will get there in under a minute.
Moreover the draft warns (with good reason) that getting close
to the birthday bound is not a good idea.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
[email protected] Mobile: +1 (978) 394-7754
----------------------------------------------------
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of
> David McGrew (mcgrew)
> Sent: Tuesday, October 23, 2012 8:37 AM
> To: Paul Hoffman
> Cc: IPsecme WG; [email protected]
> Subject: Re: [IPsec] updating ESP and AH requirements (was: Call for agenda
> items)
>
>
>
> On 10/22/12 8:32 PM, "Paul Hoffman" <[email protected]> wrote:
>
> >On Oct 22, 2012, at 4:55 PM, David McGrew (mcgrew) <[email protected]>
> >wrote:
> >
> >> One thing that deserves to be on the agenda is a discussion of the need
> >>to
> >> update the ESP and AH crypto requirements, which have not been updated
> >> since 2007, and to provide guidance on how to use ESP and AH to achieve
> >> security goals. I have a draft proposing what that could look like,
> >> draft-mcgrew-ipsec-me-esp-ah-reqts-00. This is off-charter, but I
> >> believe that it is something that many people would agree is worth
> >>doing.
> >
> >You may be overstating that "many people" agree that it is worth doing,
> >but it is certainly worth discussing.
> >
> >> Of course, comments on the detailed requirements are welcome as well.
> >
> >Your listing of TripleDES as "SHOULD NOT" without any cryptographic
> >justification might raise some eyebrows.
>
> The issue is that 3DES has a 64-bit block instead of a 128-bit block;
> please see draft-irtf-cfrg-cipher-catalog-01 Section 2.2.3. (In
> retrospect, there should have been a citation in the draft.)
>
> David
>
> >
> >--Paul Hoffman
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
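
The birthday-bound arithmetic from the message above, extended into per-key rekey budgets for different line rates, as an added example that is not part of the original thread. It goes beyond the message by using the standard birthday approximation for collision probability; that formula, the 2^-20 risk target, the decimal line rates and all function names are assumptions chosen for illustration.

```python
import math

def birthday_bound_bytes(block_bits):
    """Bytes in 2^(w/2) blocks of w bits: the bound worked out in the message."""
    return (1 << (block_bits // 2)) * block_bits // 8

def collision_probability(block_bits, data_bytes):
    """Approximate chance that two cipher blocks under one key collide."""
    n = data_bytes * 8 / block_bits                  # blocks processed
    # Birthday approximation (assumption): p ~= 1 - exp(-n(n-1) / 2^(w+1))
    return -math.expm1(-n * (n - 1) / 2.0 ** (block_bits + 1))

def max_bytes_for_risk(block_bits, max_p):
    """Largest per-key volume that keeps the collision probability <= max_p."""
    n = math.sqrt(2.0 ** (block_bits + 1) * -math.log1p(-max_p))
    return int(n) * block_bits // 8

def seconds_to_reach(data_bytes, link_bits_per_sec):
    """Time for a link running encrypted at line rate to carry data_bytes."""
    return data_bytes * 8 / link_bits_per_sec

def rekey_table(block_bits, rates, max_p):
    """(rate, seconds to the bound, seconds to the max_p budget) for each rate."""
    bound = birthday_bound_bytes(block_bits)
    budget = max_bytes_for_risk(block_bits, max_p)
    return [(r, seconds_to_reach(bound, r), seconds_to_reach(budget, r))
            for r in rates]

if __name__ == "__main__":
    RISK = 2.0 ** -20                  # illustrative per-key target (assumption)
    RATES = [10e6, 1e9, 10e9]          # 10 Mbit/s, 1 Gbit/s, 10 Gbit/s
    for w in (64, 128):                # 3DES block size vs. a 128-bit block
        print(f"w={w}: bound {birthday_bound_bytes(w) / 2**30:.3g} GiB, "
              f"budget at p<=2^-20: {max_bytes_for_risk(w, RISK) / 2**20:.3g} MiB")
        for rate, t_bound, t_budget in rekey_table(w, RATES, RISK):
            print(f"  {rate / 1e6:>7.0f} Mbit/s: bound in {t_bound:.3g} s, "
                  f"rekey within {t_budget:.3g} s")
```

Lowering the risk target shrinks the per-key budget with its square root, so the rekey interval for a 64-bit block depends strongly on both the chosen target and the link rate.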