Paul Hoffman wrote:
> >You may be overstating that "many people" agree that it is worth doing,
> >but it is certainly worth discussing.

I'm definitely interested in that discussion, as I'm in the midst of an update
to the IPsec requirements for iSCSI.

David McGrew wrote:
> The issue is that 3DES has a 64-bit block instead of a 128-bit block;
> please see draft-irtf-cfrg-cipher-catalog-01 Section 2.2.3. (In
> retrospect, there should have been a citation in the draft.)

That suggests that an explanation of the birthday bound concern along with a
discussion of transmission rate and rekeying concerns would be appropriate for
the ESP and AH requirements draft, as opposed to a blanket "SHOULD NOT"
statement for 3DES. A 1 Gbit/sec link running encrypted at line rate can get
to the 4 Gigabyte birthday bound stated in the cfrg draft fairly quickly, but a
much slower throughput rate may take much longer before rekeying becomes
necessary, if ever (e.g., a remote access session's entire traffic may be
measured in 10s of Megabytes or less).

Aside - there may be a math error in the draft. For a block size (w) of 64
(i.e., 2^6):
- w * 2^(w/2) bits = 2^6 * 2^32 bits = 2^38 bits
- 2^38 bits is 2^35 bytes (byte contains 8=2^3 bits)
- 2^35 bytes is 2^5 gigabytes (gigabyte contains 2^30 bits).

That would be 32 gigabytes, but this aside doesn't change the above discussion,
as a 1 Gbit/sec rate will get there in a few minutes, and a 10 Gbit/sec rate
will get there in under a minute. Moreover the draft warns (with good reason)
that getting close to the birthday bound is not a good idea.

Thanks,
--David
----------------------------------------------------
David L. Black, Distinguished Engineer
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
david.bl...@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

> -----Original Message-----
> From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of
> David McGrew (mcgrew)
> Sent: Tuesday, October 23, 2012 8:37 AM
> To: Paul Hoffman
> Cc: IPsecme WG; wajdi.k.fegh...@intel.com
> Subject: Re: [IPsec] updating ESP and AH requirements (was: Call for agenda
> items)
>
>
>
> On 10/22/12 8:32 PM, "Paul Hoffman" <paul.hoff...@vpnc.org> wrote:
>
> >On Oct 22, 2012, at 4:55 PM, David McGrew (mcgrew) <mcg...@cisco.com>
> >wrote:
> >
> >> One thing that deserves to be on the agenda is a discussion of the need
> >>to
> >> update the ESP and AH crypto requirements, which have not been updated
> >> since 2007, and to provide guidance on how to use ESP and AH to achieve
> >> security goals. I have a draft proposing what that could look like,
> >> draft-mcgrew-ipsec-me-esp-ah-reqts-00. This is off-charter, but I
> >> believe that it is something that many people would agree is worth
> >>doing.
> >
> >You may be overstating that "many people" agree that it is worth doing,
> >but it is certainly worth discussing.
> >
> >> Of course, comments on the detailed requirements are welcome as well.
> >
> >Your listing of TripleDES as "SHOULD NOT" without any cryptographic
> >justification might raise some eyebrows.
>
> The issue is that 3DES has a 64-bit block instead of a 128-bit block;
> please see draft-irtf-cfrg-cipher-catalog-01 Section 2.2.3. (In
> retrospect, there should have been a citation in the draft.)
>
> David
>
> >
> >--Paul Hoffman
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
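
The rate and rekeying arithmetic discussed in the message above, worked through as an added example (not part of the original thread or of either draft). The function names, the standard birthday approximation p ≈ 1 - exp(-n(n-1)/2^(w+1)), and the 2^-20 collision-probability target are assumptions chosen for illustration.

```python
import math

def birthday_bound_bits(w: int) -> int:
    """Volume w * 2^(w/2) bits from the message: 2^(w/2) blocks of w bits."""
    return w * 2 ** (w // 2)

def seconds_to_reach(volume_bits: float, rate_bps: float) -> float:
    """Time for a link encrypting at line rate to push volume_bits under one key."""
    return volume_bits / rate_bps

def collision_probability(w: int, data_bytes: float) -> float:
    """Approximate chance that two ciphertext blocks collide under one key."""
    n = data_bytes * 8 / w                      # number of w-bit blocks
    return -math.expm1(-n * (n - 1) / 2 ** (w + 1))

def rekey_limit_bytes(w: int, max_p: float) -> int:
    """Largest per-key volume whose collision probability stays <= max_p."""
    n = math.sqrt(2 ** (w + 1) * -math.log1p(-max_p))
    return int(n) * w // 8

if __name__ == "__main__":
    bound = birthday_bound_bits(64)             # 64-bit block, e.g. 3DES
    print(f"64-bit block bound: 2^{bound.bit_length() - 1} bits "
          f"= {bound // 8 / 2**30:.0f} GiB")
    for rate in (1e9, 10e9):                    # link rates named in the message
        print(f"  {rate / 1e9:>4.0f} Gbit/s reaches it in "
              f"{seconds_to_reach(bound, rate):6.1f} s")
    # Same 32 GiB volume under one key, 64-bit versus 128-bit block
    for w in (64, 128):
        p = collision_probability(w, bound // 8)
        print(f"  w={w:<3} collision probability after 32 GiB: {p:.3g}")
    # Assumed illustrative target (not from the thread): p <= 2^-20
    limit = rekey_limit_bytes(64, 2 ** -20)
    print(f"  rekey before {limit / 1e6:.1f} MB to keep p <= 2^-20 (w=64)")
```

At the bound itself a collision is already more likely than not to be a practical concern (about 39%), which is why a rekey threshold is set far below it; with the assumed 2^-20 target the limit for a 64-bit block comes out at roughly 47 MB.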