
RE: [Cfrg] RE: [saag] Cryptography Algorithm Choice



> >In your example DES is still a MUST for conformance testing but it
> >is a SHOULD NOT as far as security goes.
> 
> Huh? Where in RFC 2407 do you see that? The RFC is completely clear: 
> MUST support DES, "strongly encouraged" to support TripleDES. The 
> waffly words in the IESG note do not say "SHOULD NOT", and the 
> prediction that "it is very likely that the IETF will deprecate the 
> use of ESP_DES as a mandatory cipher suite in the near future" never 
> came to pass.

Since when was RFC status a useful guide to security?

An RFC can recommend ROT13 as an encryption algorithm. It's still a
SHOULD NOT as far as security goes.

The point of my note is that I do NOT regard IETF requirements as
being authoritative on security matters.

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg