Re: [Cfrg] Use of the term "deprecated"

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 08 December 2017 15:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/IWA3Hw8ep6EVcTY5WJGo5Vk6CMo>

The term “Legacy” does not carry as much strength as the term “Deprecated”. So I strongly (pun intended) suggest using the term “Deprecated” to emphasize the fact that the algorithms in question should not be used if at all possible.

 

--

Regards,

Uri Blumenthal

 

From: Cfrg <cfrg-bounces@irtf.org> on behalf of "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
Date: Friday, December 08, 2017 at 10:32
To: Erik Andersen <era@x500.eu>, CFRG <cfrg@irtf.org>
Cc: Carsten Strunge <CAS@energinet.dk>
Subject: Re: [Cfrg] Use of the term "deprecated"

 

Hi Erik,

 

For what it is worth, our “subjective” Cisco approach includes the term Legacy which is equivalent to Deprecated. The definition is “Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms.” In the table https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html#2 you will see we are flagging SHA1 as legacy, MD5 as avoid. 

 

Rgs,

Panos

 

 

From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Erik Andersen
Sent: Friday, December 08, 2017 4:03 AM
To: Cfrg <cfrg@irtf.org>
Cc: Carsten Strunge <CAS@energinet.dk>
Subject: [Cfrg] Use of the term "deprecated"

 

In the smart grid security standards the term deprecated is used for certain cryptographic algorithms, such as SHA-1, instead of disallowing them. NIST in SP 800-57, Part 1 Revision 4 has stopped using the term deprecated.

 

What is the general feeling among list members on using the term deprecated on cryptographic algorithms?

 

Erik