RFC 3871 Operational Security Requirements September 2004
Justification.
Protocols that have not been subjected to widespread, extended
public/peer review are more likely to have undiscovered weaknesses
or flaws than open standards and publicly reviewed protocols.
Network operators may have need or desire to use non-open
protocols. They should be allowed to evaluate the trade-offs and
make an informed choice between open and non-open protocols.
Examples.
See TLS [RFC2246] and IPsec [RFC2401].
Warnings.
Note that open review is necessary but may not be sufficient. It
is perfectly possible for an openly reviewed protocol to misuse
(or not use) cryptography.
2.2.4. Allow Selection of Cryptographic Parameters
Requirement.
The device SHOULD allow the operator to select cryptographic
parameters. This SHOULD include key lengths and algorithms.
Justification.
Cryptography using certain algorithms and key lengths may be
considered "strong" at one point in time, but "weak" at another.
The constant increase in compute power continually reduces the
time needed to break cryptography of a certain strength.
Weaknesses may be discovered in algorithms. The ability to select
a different algorithm is a useful tool for maintaining security in
the face of such discoveries.
Examples.
56-bit DES was once considered secure. In 1998 it was cracked by
a custom-built machine in under 3 days. The ability to select
algorithms and key lengths would give the operator options
(different algorithms, longer keys) in the face of such
developments.
Warnings.
None.
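An added example, not part of RFC 3871: one way an operator-facing
setting for algorithms and key lengths can look, using Python's standard
ssl module as a stand-in for a device's TLS configuration. The function
name select_parameters and the 128-bit default floor are assumptions of
this example.

```python
import ssl


def select_parameters(cipher_spec, min_bits=128):
    """Apply operator-chosen algorithms and enforce a key-length floor.

    cipher_spec is an OpenSSL cipher string supplied by the operator.
    Returns the configured context and the names of the enabled suites.
    Raises ValueError if the selection is unusable or too weak.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher_spec)
    except ssl.SSLError as exc:
        # The library has no implementation of anything in the spec.
        raise ValueError(f"no usable algorithm in {cipher_spec!r}") from exc

    # Audit what is actually enabled, not what was asked for. TLS 1.3
    # suites stay enabled regardless of set_ciphers(), so they are
    # audited too but do not count as part of the operator's selection.
    enabled = ctx.get_ciphers()
    chosen = [c for c in enabled if c["protocol"] != "TLSv1.3"]
    if not chosen:
        raise ValueError(f"no usable algorithm in {cipher_spec!r}")
    weak = [c["name"] for c in enabled if c["strength_bits"] < min_bits]
    if weak:
        raise ValueError(f"below the {min_bits}-bit floor: {weak}")
    return ctx, [c["name"] for c in enabled]


if __name__ == "__main__":
    # Constructed operator selections: a modern one, the 56-bit DES
    # case from the Examples paragraph, and a raised key-length floor.
    for spec, bits in (("ECDHE+AESGCM", 128),
                       ("DES-CBC-SHA", 128),
                       ("ECDHE+AESGCM", 256)):
        try:
            _, names = select_parameters(spec, bits)
            print(f"{spec} @ {bits} bits: accepted, {len(names)} suites")
        except ValueError as err:
            print(f"{spec} @ {bits} bits: rejected ({err})")
```

Auditing the effective suite list rather than the requested string is
what shows the operator whether a selection really took effect.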
Jones Informational [Page 15]