The need to interoperate with older implementations, as well as Yoav's
justification of having a widely implemented algorithm as a backup for
AES, both seem to argue for keeping 3DES as a MAY or MAY-.
I suggest to include a concrete recommendation on rekeying. We could
argue the numbers forever, but I think a 1/1,000,000 probability for a
single collision is good enough. So we could RECOMMEND a rekey once
every 50 MB sent.
Thanks,
Yaron
--
It is not a question of implementing new: *all* new systems coming into
the VPNC lab have AES-CBC, and have for a few years. However, if those
implementations want to interoperate with older implementations, they
need to also have 3DES. Thus, a "MAY" for 3DES with a clear explanation
why it is inappropriate in high-volume implementations would be
valuable. --Paul Hoffman
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
