Re: Critics blast Windows 2000's quiet use of DES instead of 3DES

[Dennis Glatting]

"L. Sassaman" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 17 May 2000, Dennis Glatting wrote:
> 
> > > Frankly, I can't understand why the IPsec protocol still allows DES. It
> > > should require strong encryption. Having DES in a product these days makes
> > > about as much sense as mandating the usage of ROT13.
> > >
> >
> > We are waiting for AES.
> 
> So am I correct in assuming you are saying that DES will be disallowed as
> part of the IPsec protocol when AES is finalized?
> 
> This would be good. I still think that DES should be dropped immediately,
> however.
> 

I didn't go to Adelaide, so I am not up on current events. In the two
or three prior IETF IPsec and SAAG meetings there was discussion on
reducing 1DES to a SHOULD or MAY and elevating 3DES to a SHOULD or
MUST for IPsec. Along the way AES started to look like a real
possibility.

Go to http://web.mit.edu/network/ietf/sa/ and check out SAAG 45 and
draft-ietf-saag-aes-ciph-00.txt.