On Sat, 20 Jan 2007 13:34:54 -0800
Lakshminath Dondeti <ldondeti@xxxxxxxxxxxx> wrote:

> What are the export implications due to this? A compliant ESP
> implementation MUST include the DES cipher due to this change. With
> status quo, a compliant ESP implementation can be used for integrity
> protection alone with NULL encryption.
>

I don't understand your question. Apart from the Danvers doctrine --
the IETF makes technically sound decisions without regard to politics
-- how do you conclude that DES MUST be included? The new document
says SHOULD NOT.

> Russ Housley wrote:
> > During the IETF Last Call for draft-manral-ipsec-rfc4305-bis-errata,
> > we received a comment that deserves wide exposure.
> >
> > For ESP encryption algorithms, the document that was sent out for
> > Last Call contains the following table:
> >
> >     Requirement    Encryption Algorithm (notes)
> >     -----------    --------------------
> >     MUST           NULL (1)
> >     MUST-          TripleDES-CBC [RFC2451]
> >     SHOULD+        AES-CBC with 128-bit keys [RFC3602]
> >     SHOULD         AES-CTR [RFC3686]
> >     SHOULD NOT     DES-CBC [RFC2405] (3)
> >
> > The Last Call comment suggests changing the "SHOULD+" for AES-CBC
> > to "MUST." I support this proposed change, and I have asked the
> > author to make this change in the document that will be submitted
> > to the IESG for consideration on the Telechat on January 25th. If
> > anyone has an objection to this change, please speak now. Please
> > send comments on this proposed change to the iesg@xxxxxxxx or
> > ietf@xxxxxxxx mailing lists by 2007-01-24.
> >
> > Russ Housley
> > Security AD

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf