Minor points about 3DES below (likely redundant). > -----Original Message----- > From: IPsec <ipsec-boun...@ietf.org> On Behalf Of Robert Moskowitz > > Just as an aside thought about 3DES: > > perhaps you saw my questions to the CFRG list where I have exactly 64 bits > to > encrypt and no place for an IV or such. > > One of the serious suggestions WAS 3DES with 3 keys. >
[DB] Yes, but "serious" is not the right word. Also, just to be super-clear, this was not a CFRG suggestion! > > But for only 64 bits to encrypt, 3DES is a consideration. > > Nah. [DB] Last week, I looked up what NIST documents say about 3DES. https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final If I read them correctly, this document implies something like: - NO: new deployment of 3DES - OK: old deployment of 3DES encryption, until 2023, then NO more 3DES encryption. - OK: old deployment of 3DES decryption (e.g. to decrypt archived stuff). Not sure how much IPSec wants to follow NIST. Presumably they do for 3DES, since 3DES is NIST's? The text below sounds to me like IPSec is already trying to do something along the NIST guidelines. (So, info above I wrote above is already well-known to IPSec.) > > One of the problems is that we as an IETF give instructions to > > implementors, not to users. If we change 3DES MUST NOT, then all > > implementations out there who do implement 3DES, but where it is > > disabled in configuration by default are no longer conformant to the > > new RFC, as they do still implement 3DES. > > > > Anybody who puts 3DES in any of the new implementations or new > > releases of the current implementations are going against the SHOULD > > NOT in the current RFC. > > > > Meaning they most likely have some old legacy stuff they need to > > support which only supports 3DES and thats why they want to keep 3DES > > in their current releases as they want to be able to talk to those. > > > > I would wait bit more than 2.5 years before saying MUST NOT. > > > >> In particular, would a general-purpose OS's implementation cause > >> problems for its consumers if the next release dropped support? > >> (Noting that consumers could stay on an old OS release to match the > >> old algorithms, at least for a while.) > > Especially with consumers and general-purpose OS there is no option > > for using old OS release anymore. Most of those will automatically > > update to latest version, and there usually isn't any easy way to > > downgrade back to previous version when issues are found. ---------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
