On Tue, 21 Apr 2020, Dan Brown wrote:
[DB] Last week, I looked up what NIST documents say about 3DES.

https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final

If I read them correctly, this document implies something like:

- NO: new deployment of 3DES
- OK: old deployment of 3DES encryption, until 2023, then NO more 3DES encryption.
- OK: old deployment of 3DES decryption (e.g. to decrypt archived stuff).

Not sure how much IPSec wants to follow NIST. Presumably they do for 3DES, since 3DES is NIST's?

The text below sounds to me like IPSec is already trying to do something along the NIST guidelines. (So, the info I wrote above is already well-known to IPSec.)
There is also the SP800-77 rev 1 draft "Guide for IPsec"

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-77r1-draft.pdf

which puts 3DES (TDEA) into the "Legacy" category. It also states:

    When migrating from IKEv1 to IKEv2, an upgrade of the algorithms used
    is strongly recommended. 3DES, MD5, SHA-1 and DH Group 2 and 5 should
    not be used.

    The Triple DES (3DES) encryption algorithm is no longer recommended.
    It is much slower than AES-GCM and AES-CBC, and it requires more
    frequent rekeying to avoid birthday attacks due to its smaller block
    size of 64 bits.

Paul
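The two points in the SP 800-77r1 draft text quoted above, as an added example that is not part of the original message or of any IPsec implementation: it flags the legacy algorithms the draft names in an IKE proposal and estimates how much data one key can protect before a block collision becomes plausible. The hyphen-separated proposal syntax and keywords are assumed (strongSwan-style), the sample proposals are constructed, and the 2^-32 collision bound is an assumed policy choice.

```python
import math

# Legacy per the SP 800-77r1 draft text quoted above.
# Keys are assumed strongSwan-style proposal keywords; adapt to your IKE daemon.
LEGACY = {
    "3des": "3DES",
    "md5": "MD5",
    "sha1": "SHA-1",
    "modp1024": "DH Group 2",
    "modp1536": "DH Group 5",
}
# Block size in bits of each cipher keyword this sketch knows about.
BLOCK_BITS = {"3des": 64, "aes128": 128, "aes256": 128, "aes128gcm16": 128}


def birthday_budget_bytes(block_bits, log2_prob=-32):
    """Bytes encryptable under one key before the chance of a ciphertext
    block collision reaches 2**log2_prob, using p ~= q^2 / 2^(n+1)."""
    blocks = math.isqrt(2 ** (block_bits + 1 + log2_prob))
    return blocks * (block_bits // 8)


def audit_proposal(proposal, log2_prob=-32):
    """Return (legacy algorithm names, per-key byte budget or None)."""
    tokens = proposal.lower().split("-")
    legacy = [LEGACY[t] for t in tokens if t in LEGACY]
    budget = next((birthday_budget_bytes(BLOCK_BITS[t], log2_prob)
                   for t in tokens if t in BLOCK_BITS), None)
    return legacy, budget


if __name__ == "__main__":
    # Constructed sample proposals, not taken from any real configuration.
    for p in ("3des-sha1-modp1024", "aes128-md5-modp1536", "aes256-sha256-modp2048"):
        legacy, budget = audit_proposal(p)
        print(f"{p}: legacy={legacy or 'none'} rekey before ~{budget:,} bytes")
```

With `log2_prob=-1` the same formula gives 2^35 bytes (32 GiB) for a 64-bit block, the point at which a collision is more likely than not, against 2^68 bytes for a 128-bit block.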