Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Michael Richardson
Derek Atkins wrote: >> The proposed change is based on the existence of quantum computers that >> have a sufficient number of properly-interacting qbits. We have >> literally no idea if those computers will ever exist. All current data >> indicates that we will

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Paul Wouters
On Tue, 23 Aug 2016, Derek Atkins wrote: Yeah, I also disagree with the demotion of AES-128 to MUST-. It's the most widely deployed now, and when Q-C happens we can turn it off with a config change and work to remove it at that time. I think that is fair, so let me propose the following

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Derek Atkins
On Tue, August 23, 2016 3:53 pm, Paul Hoffman wrote: [snip] > I may have misunderstood his proposal because he also wanted to demote > AES-128 from MUST to MUST-. I object on the grounds that we have no idea > if there will quantum-capable computers that can erode AES-128 in the > foreseeable

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Paul Hoffman
On 23 Aug 2016, at 12:43, Derek Atkins wrote: Paul, On Tue, August 23, 2016 3:28 pm, Paul Hoffman wrote: On 23 Aug 2016, at 12:12, Derek Atkins wrote: Just to play devil's advocate here, are you implying that we'll see a 5-10-year lead time on quantum computer development sufficiently in

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Derek Atkins
Paul, On Tue, August 23, 2016 3:28 pm, Paul Hoffman wrote: > > On 23 Aug 2016, at 12:12, Derek Atkins wrote: > >> Just to play devil's advocate here, are you implying that we'll see a >> 5-10-year lead time on quantum computer development sufficiently in >> order >> to spend those 5-10 years: >>

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Yoav Nir
> On 23 Aug 2016, at 9:32 PM, Paul Hoffman wrote: > > On 23 Aug 2016, at 10:55, Paul Wouters wrote: > >> On Mon, 8 Aug 2016, Paul Wouters wrote: >> >> I haven't heard any objection to making 128 bit key sizes MUST- and >> 256 bit key sizes MUST. > > You can hear one

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Paul Hoffman
On 23 Aug 2016, at 12:12, Derek Atkins wrote: Just to play devil's advocate here, are you implying that we'll see a 5-10-year lead time on quantum computer development sufficiently in order to spend those 5-10 years: 1) having this discussion again, 2) revving the documents 3) getting the

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Derek Atkins
Paul, On Tue, August 23, 2016 2:32 pm, Paul Hoffman wrote: > On 23 Aug 2016, at 10:55, Paul Wouters wrote: > >> On Mon, 8 Aug 2016, Paul Wouters wrote: >> >> I haven't heard any objection to making 128 bit key sizes MUST- and >> 256 bit key sizes MUST. > > You can hear one now. > >> Answers that

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Paul Hoffman
On 23 Aug 2016, at 10:55, Paul Wouters wrote: On Mon, 8 Aug 2016, Paul Wouters wrote: I haven't heard any objection to making 128 bit key sizes MUST- and 256 bit key sizes MUST. You can hear one now. Answers that agree or disagree would be good to hear. The proposed change is based on

Re: [IPsec] 4307bis/7321bis key sizes

2016-08-23 Thread Paul Wouters
On Mon, 8 Aug 2016, Paul Wouters wrote: I haven't heard any objection to making 128 bit key sizes MUST- and 256 bit key sizes MUST. Answers that agree or disagree would be good to hear. Paul Actually, this is a very good reason to bumo the keysizes from 128 to 256. Currently in 7321bis and