Re: [IPsec] RFC4301, rfc7321bis and Manual keys

2016-12-07 Thread Paul.Koning
On Dec 7, 2016, at 5:00 PM, Timothy Carlin > wrote: Hello All, I have some comments inline. On Wed, Dec 7, 2016 at 4:41 PM, Paul Wouters > wrote: ... Are people actually deploying this? The NIST USGv6

Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)

2017-03-23 Thread Paul.Koning
> On Mar 23, 2017, at 5:37 AM, Tero Kivinen wrote: > > Paul Wouters writes: >>> -3: I wonder why "... is not to be used..." is not "... MUST NOT be >>> used...". But the section goes on to say if you do it anyway, you MUST >>> NOT use certain cryptosuites. So, does "... is not

Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)

2017-03-16 Thread Paul.Koning
On Mar 16, 2017, at 4:13 PM, Frankel, Sheila E. (Fed) > wrote: Hi Dave, I don't have any strong feelings about MUST NOT vs. SHOULD NOT, but I wonder if it would help to clarify the reasoning behind it. For these algorithms, RFC6071

Re: [IPsec] Ben Campbell's Yes on draft-ietf-ipsecme-rfc7321bis-05: (with COMMENT)

2017-06-19 Thread Paul.Koning
> On Jun 19, 2017, at 11:16 AM, Eric Rescorla wrote: > > > > On Mon, Jun 19, 2017 at 7:45 AM, Paul Wouters wrote: > > Paul Wouters writes: > -3: I wonder why "... is not to be used..." is not "... MUST NOT be > used...". But the section goes on to say if you

Re: [IPsec] Modp-12288 and Modp-16384

2018-07-30 Thread Paul.Koning
Interesting item in the abstract: "... using a quantum circuit of at most 448.n^3.log2(n)+4090.n^3 Toffoli gates." In the past I've seen mention of qubit counts but not gate counts. While the gate count isn't exponential, it's nevertheless formidable. For 1000 bit inputs it translates to

Re: [IPsec] Modp-12288 and Modp-16384

2018-07-18 Thread Paul.Koning
> On Jul 18, 2018, at 10:55 AM, Scott Fluhrer (sfluhrer) > wrote: > > Answering to give some info about what we know about the likely capabilities > of Quantum Computers. > >> -Original Message- >> From: Tero Kivinen >> Sent: Tuesday, July 17, 2018 5:17 PM >> To: Scott Fluhrer

Re: [IPsec] On marking algorithms obsolete in IANA registries

2018-12-18 Thread Paul.Koning
> On Dec 18, 2018, at 1:39 AM, Valery Smyslov wrote: > > > [EXTERNAL EMAIL] > > Hi Paul, > > I think it is a good idea to have some indication in IANA about the current > status of the algorithm, > similar to recent changes in the TLS registry (and in fact I initiated this > discussion