Re: [Cfrg] Use of the term "deprecated"
"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Fri, 08 December 2017 15:31 UTC
Return-Path: <pkampana@cisco.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9CDE1243F6 for <cfrg@ietfa.amsl.com>; Fri, 8 Dec 2017 07:31:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Level:
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NrsRuN4xZ8K0 for <cfrg@ietfa.amsl.com>; Fri, 8 Dec 2017 07:31:35 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 255E6120721 for <cfrg@irtf.org>; Fri, 8 Dec 2017 07:31:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6088; q=dns/txt; s=iport; t=1512747095; x=1513956695; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=fpCkqBF2aztHvF42MPhkUQkFr9Vzlojh2p4Iv0GCS6Y=; b=Uyaks5EtHCnXnkwyvfrDKjX5PBpAMSwZc2wSJ5drByGga+Q97nRZMp+8 vK/5p5d+S1V48NfYKdmCvG2LBrhhwyHFOEo7lxZ9cqrL++hhWu89HRIMq 3KH+7/rBaWhOxZg+Gf8zz3GGFCTZFPBWZQC1rqbhMTZz0/sie/uHwSK15 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AcAQD2rypa/4wNJK1cGQEBAQEBAQEBAQEBAQcBAQEBAYJKdGZ0JweOHI8AgX2RQYVLghUKJYUWAoUCPxgBAQEBAQEBAQFrKIUiAQEBAQMtTBACAQgOAwQBASgHMhQJCAEBBAENBQiJPGQQqiOKYwEBAQEBAQEBAQEBAQEBAQEBAQEBARgFg1uCC4FWgWmDK4UtKIVCBaMIApUVk2qWLwIRGQGBOgEfOYFPbxU6gimCUgEbgWd4AYkggRUBAQE
X-IronPort-AV: E=Sophos;i="5.45,378,1508803200"; d="scan'208,217";a="328249540"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2017 15:31:30 +0000
Received: from XCH-ALN-008.cisco.com (xch-aln-008.cisco.com [173.36.7.18]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id vB8FVUEU008661 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 8 Dec 2017 15:31:30 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-008.cisco.com (173.36.7.18) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 8 Dec 2017 09:31:29 -0600
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1320.000; Fri, 8 Dec 2017 09:31:29 -0600
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Erik Andersen <era@x500.eu>, Cfrg <cfrg@irtf.org>
CC: Carsten Strunge <CAS@energinet.dk>
Thread-Topic: [Cfrg] Use of the term "deprecated"
Thread-Index: AdNwAj7rtSh6exWUShSQuW95dPBnSgANoRsA
Date: Fri, 08 Dec 2017 15:31:29 +0000
Message-ID: <493e5bc356fc40268177e1c8d87c5bc4@XCH-ALN-010.cisco.com>
References: <000801d37003$5165df80$f4319e80$@x500.eu>
In-Reply-To: <000801d37003$5165df80$f4319e80$@x500.eu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.116.108.3]
Content-Type: multipart/alternative; boundary="_000_493e5bc356fc40268177e1c8d87c5bc4XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/yAu7geusL_-7bA0srSFiXPxV4VE>
Subject: Re: [Cfrg] Use of the term "deprecated"
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Dec 2017 15:31:37 -0000
Hi Erik, For what it is worth, our "subjective" Cisco approach includes the term Legacy which is equivalent to Deprecated. The definition is "Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms." In the table https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html#2 you will see we are flagging SHA1 as legacy, MD5 as avoid. Rgs, Panos From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Erik Andersen Sent: Friday, December 08, 2017 4:03 AM To: Cfrg <cfrg@irtf.org> Cc: Carsten Strunge <CAS@energinet.dk> Subject: [Cfrg] Use of the term "deprecated" In the smart grid security standards the term deprecated is used for certain cryptographic algorithms, such as SHA-1, instead of disallowing them. NIST in SP 800-57, Part 1 Revision 4 has stopped using the term deprecated. What is the general feeling among list members on using the term deprecated on cryptographic algorithms? Erik
- [Cfrg] Use of the term "deprecated" Erik Andersen
- Re: [Cfrg] Use of the term "deprecated" Panos Kampanakis (pkampana)
- Re: [Cfrg] Use of the term "deprecated" Blumenthal, Uri - 0553 - MITLL