[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bruce Schneier on IPsec

Steve Kent wrote:

[I tend to agree with this analysis. The argument for weak key checking
was made by folks who don't understand the cryptographic issues
involved, but who are persistent and loud, e.g., Bill Simpson. Ted T'so
(co-chair of the WG) and I discussed this problem, and tried to explain
it to the list, but were unsuccessful. Another flaw in the committee

Actually, I think we had gotten agreement to remove the weak key check,
but it never made it into the document edit.  So I believe it was an
oversight, and I'd chalk this one up to the complexity of documents and
overtaxed document editors.  Other folks who argued quite strongly for
removing the weak key check included Bill Sommerfeld, who noted that
from a software engineering perspective, the weak key rejection case
happened so rarely, that there was danger in it being an untested code
path.  Fortunately RFC 2405 lists this as a SHOULD, and so it's
something we can adjust and remove in the next pass.

						- Ted

Follow-Ups: References: