On Sat, 20 Jan 2007 13:34:54 -0800
Lakshminath Dondeti <ldondeti(_at_)qualcomm(_dot_)com> wrote:
> What are the export implications due to this? A compliant ESP
> implementation MUST include the DES cipher due to this change. With
> status quo, a compliant ESP implementation can be used for integrity
> protection alone with NULL encryption.

I don't understand your question. Apart from the Danvers doctrine --
the IETF makes technically sound decisions without regard to politics
-- how do you conclude that DES MUST be included? The new document
says SHOULD NOT.

> Russ Housley wrote:
> > During the IETF Last Call for draft-manral-ipsec-rfc4305-bis-errata,
> > we received a comment that deserves wide exposure.
> >
> > For ESP encryption algorithms, the document that was sent out for
> > Last Call contains the following table:
> >
> >    Requirement    Encryption Algorithm (notes)
> >    -----------    --------------------
> >    MUST           NULL (1)
> >    MUST-          TripleDES-CBC [RFC2451]
> >    SHOULD+        AES-CBC with 128-bit keys [RFC3602]
> >    SHOULD         AES-CTR [RFC3686]
> >    SHOULD NOT     DES-CBC [RFC2405] (3)
> >
> > The Last Call comment suggests changing the "SHOULD+" for AES-CBC
> > to "MUST." I support this proposed change, and I have asked the
> > author to make this change in the document that will be submitted
> > to the IESG for consideration on the Telechat on January 25th. If
> > anyone has an objection to this change, please speak now. Please
> > send comments on this proposed change to the iesg(_at_)ietf(_dot_)org or
> > ietf(_at_)ietf(_dot_)org mailing lists by 2007-01-24.
> >
> > Russ Housley
> > Security AD
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
--Steve Bellovin, http://www.cs.columbia.edu/~smb