Re: [IPsec] revisiting 3DES and -graveyard

2020-04-21 Thread Paul Wouters
On Tue, 21 Apr 2020, Dan Brown wrote: [DB] Last week, I looked up what NIST documents say about 3DES. https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final If I read them correctly, this document implies something like: - NO: new deployment of 3DES - OK: old deployment of 3DES encryp

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-21 Thread Dan Brown
Minor points about 3DES below (likely redundant).
> -Original Message-
> From: IPsec On Behalf Of Robert Moskowitz
>
> Just as an aside thought about 3DES:
>
> perhaps you saw my questions to the CFRG list where I have exactly 64 bits
> to
> encrypt and no place for an IV or such.
>
> On

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-20 Thread Michael Richardson
Benjamin Kaduk wrote:
>> The last time I have seen 3DES configured was for site-to-site VPNs between
>> different (medical!) enterprises because neither side could be sure what the
>> other side had, and equipment was old. They didn't dare change the configuration, or
>> repla

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-20 Thread Benjamin Kaduk
Thanks all for the responses; this helps me get a better picture of the state of things and our future direction! On Wed, Apr 15, 2020 at 11:03:49AM -0400, Michael Richardson wrote: > > Benjamin Kaduk wrote: > > I see in > > > https://datatracker.ietf.org/meeting/104/materials/minutes-1

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-17 Thread Robert Moskowitz
Just as an aside thought about 3DES: perhaps you saw my questions to the CFRG list where I have exactly 64 bits to encrypt and no place for an IV or such. One of the serious suggestions WAS 3DES with 3 keys. For a number of reasons I am not offering that in the initial ID, rather AES-CFB16..

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-15 Thread Michael Richardson
Benjamin Kaduk wrote:
> I see in
> https://datatracker.ietf.org/meeting/104/materials/minutes-104-ipsecme-00
> that we didn't want to get rid of 3DES at that time. Do we have a sense
> for how quickly that will change, the scope of existing deployments,
> etc.?
> In part

Re: [IPsec] revisiting 3DES and -graveyard

2020-04-14 Thread Paul Wouters
On Tue, 14 Apr 2020, Benjamin Kaduk wrote: I see in https://datatracker.ietf.org/meeting/104/materials/minutes-104-ipsecme-00 that we didn't want to get rid of 3DES at that time. Do we have a sense for how quickly that will change, the scope of existing deployments, etc.? 3DES is already defi