Re: [Cfrg] Use of the term "deprecated"

"Blumenthal, Uri - 0553 - MITLL" <> Fri, 08 December 2017 15:44 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1B528126D74 for <>; Fri, 8 Dec 2017 07:44:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6J09QiVoULCX for <>; Fri, 8 Dec 2017 07:44:50 -0800 (PST)
Received: from (LLMX2.LL.MIT.EDU []) by (Postfix) with ESMTP id C15CB126B6D for <>; Fri, 8 Dec 2017 07:44:49 -0800 (PST)
Received: from ( by (unknown) with ESMTP id vB8FimFi021540 for <>; Fri, 8 Dec 2017 10:44:48 -0500
From: "Blumenthal, Uri - 0553 - MITLL" <>
To: Cfrg <>
Thread-Topic: [Cfrg] Use of the term "deprecated"
Thread-Index: AdNwAj7rtSh6exWUShSQuW95dPBnSgANoRsAAACtk4A=
Date: Fri, 08 Dec 2017 15:44:47 +0000
Message-ID: <>
References: <000801d37003$5165df80$f4319e80$> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
user-agent: Microsoft-MacOutlook/f.28.0.171108
x-originating-ip: []
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3595574687_1470976812"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-12-08_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1712080216
Archived-At: <>
Subject: Re: [Cfrg] Use of the term "deprecated"
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Dec 2017 15:44:52 -0000

The term “Legacy” does not carry as much strength as the term “Deprecated”. So I strongly (pun intended) suggest using the term “Deprecated” to emphasize the fact that the algorithms in question should not be used if at all possible.




Uri Blumenthal


From: Cfrg <> on behalf of "Panos Kampanakis (pkampana)" <>
Date: Friday, December 08, 2017 at 10:32
To: Erik Andersen <>, CFRG <>
Cc: Carsten Strunge <>
Subject: Re: [Cfrg] Use of the term "deprecated"


Hi Erik,


For what it is worth, our “subjective” Cisco approach includes the term Legacy which is equivalent to Deprecated. The definition is “Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms.” In the table you will see we are flagging SHA1 as legacy, MD5 as avoid. 






From: Cfrg [] On Behalf Of Erik Andersen
Sent: Friday, December 08, 2017 4:03 AM
To: Cfrg <>
Cc: Carsten Strunge <>
Subject: [Cfrg] Use of the term "deprecated"


In the smart grid security standards the term deprecated is used for certain cryptographic algorithms, such as SHA-1, instead of disallowing them. NIST in SP 800-57, Part 1 Revision 4 has stopped using the term deprecated.


What is the general feeling among  list members on using the term deprecated on cryptographic algorithms?