On Mon, 8 Aug 2016, Paul Wouters wrote:

I haven't heard any objection to making 128 bit key sizes MUST- and
256 bit key sizes MUST. Answers that agree or disagree would be good
to hear.

Paul


Actually, this is a very good reason to bump the keysizes from 128 to
256. Currently in 7321bis and 4307bis, 128 is MUST and 256 is SHOULD. I
have asked before if we should make 256 MUST and 128 MUST-.

Current text has:

  [1] - This requirement level is for 128-bit keys. 256-bit keys are at
        SHOULD.  192-bit keys can safely be ignored.

  [IoT] - This requirement is for interoperability with IoT.

   IPsec sessions may have very long life time, and carry multiple
   packets, so there is a need to move 256-bit keys in the long term.
   For that purpose requirement level is for 128 bit keys and 256 bit
   keys are at SHOULD (when applicable).  In that sense 256 bit keys
   status has been raised from MAY in RFC7321 to SHOULD.


Is there anyone who disagrees with making 128 MUST- and 256 MUST ?

Paul



_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
