From: Andy Brown <asb@nexor.co.uk>
Date: Thu, 10 Aug 95 05:48:09 PDT
To: cypherpunks@toad.com
Subject: Why DES in IPSEC ESP?
Message-ID: <Pine.SOL.3.91.950810133448.4480H-100000@eagle.nexor.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


I suppose this is really addressed at Perry:

Why was (single) DES chosen as the algorithm for the ESP part of IPSEC? 
If someone's IP traffic is being monitored and collected offline by some
agency then they're going to get about a couple of hours of security while
the special purpose key search hardware kicks into action.  I know other
algorithms can optionally be used, but surely it would have been better to
have a second, stronger algorithm specified mandatory as well. 


- Andy

+-------------------------------------------------------------------------+
| Andrew Brown  Internet <asb@nexor.co.uk>  Telephone +44 115 952 0585    |
| PGP (2048/9611055D): 69 AA EF 72 80 7A 63 3A  C0 1F 9F 66 64 02 4C 88   |
+-------------------------------------------------------------------------+