Re: [Cfrg] What crypto algorithm is referenced most in RFCs?

Joachim Strömbergson <Joachim@Strombergson.com> Tue, 14 June 2011 06:16 UTC

Return-Path: <Joachim@Strombergson.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BE3811E8120 for <cfrg@ietfa.amsl.com>; Mon, 13 Jun 2011 23:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jXIiRUY5CgIv for <cfrg@ietfa.amsl.com>; Mon, 13 Jun 2011 23:16:16 -0700 (PDT)
Received: from susano.oderland.com (susano.oderland.com [91.201.63.143]) by ietfa.amsl.com (Postfix) with ESMTP id 7F6D211E8088 for <cfrg@irtf.org>; Mon, 13 Jun 2011 23:16:15 -0700 (PDT)
Received: from 2.67.227.87.static.g-sn.siw.siwnet.net ([87.227.67.2] helo=snabbis.local) by susano.oderland.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <Joachim@Strombergson.com>) id 1QWMv8-000659-6k for cfrg@irtf.org; Tue, 14 Jun 2011 08:16:14 +0200
Message-ID: <4DF6FCAD.1000704@Strombergson.com>
Date: Tue, 14 Jun 2011 08:16:13 +0200
From: =?UTF-8?B?Sm9hY2hpbSBTdHLDtm1iZXJnc29u?= <Joachim@Strombergson.com>
Organization: Kryptologik
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: cfrg@irtf.org
References: <4A7C9D3B-70C6-4D14-A5D8-F54D84DBBEA9@cisco.com>
In-Reply-To: <4A7C9D3B-70C6-4D14-A5D8-F54D84DBBEA9@cisco.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - susano.oderland.com
X-AntiAbuse: Original Domain - irtf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - Strombergson.com
Subject: Re: [Cfrg] What crypto algorithm is referenced most in RFCs?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Joachim@Strombergson.com
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2011 06:16:17 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aloha!

On 2011:06:13 16:04, David McGrew wrote:
> That last page can be used to answer the question in the subject line. 
> (Hint: it is not something most of us probably recommend anymore.)

I was amazed that there were so many of those drafts that are in
standards track. Drafts in informational track describing uses of
insecure algorithms is imho ok, since they document a practice.
Similarly, RFCs are a done deal and if they are a standard RFC must be
replaced by newer RFCs to fix security issues.

But in 2011 writing a draft for standards track that includes known
insecure, broken algorithms?

Would it be fruitful to browse the list try and identify the most
pressing cases and try to convince the authors that they should mend
their ways?

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Kryptoblog - IT-säkerhet på svenska
http://www.strombergson.com/kryptoblog
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32/K0ACgkQZoPr8HT30QF7lACfSUrUM2Ue5RDfK9CZ7379LaSS
mn4AnRgV7Q37ZaUfwm4gzGdODQOMFwOa
=vQLC
-----END PGP SIGNATURE-----