Re: [Cfrg] Use of the term "deprecated"

"Panos Kampanakis (pkampana)" <> Fri, 08 December 2017 15:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9CDE1243F6 for <>; Fri, 8 Dec 2017 07:31:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.52
X-Spam-Status: No, score=-14.52 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NrsRuN4xZ8K0 for <>; Fri, 8 Dec 2017 07:31:35 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 255E6120721 for <>; Fri, 8 Dec 2017 07:31:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=6088; q=dns/txt; s=iport; t=1512747095; x=1513956695; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=fpCkqBF2aztHvF42MPhkUQkFr9Vzlojh2p4Iv0GCS6Y=; b=Uyaks5EtHCnXnkwyvfrDKjX5PBpAMSwZc2wSJ5drByGga+Q97nRZMp+8 vK/5p5d+S1V48NfYKdmCvG2LBrhhwyHFOEo7lxZ9cqrL++hhWu89HRIMq 3KH+7/rBaWhOxZg+Gf8zz3GGFCTZFPBWZQC1rqbhMTZz0/sie/uHwSK15 Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.45,378,1508803200"; d="scan'208,217";a="328249540"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Dec 2017 15:31:30 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id vB8FVUEU008661 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 8 Dec 2017 15:31:30 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 8 Dec 2017 09:31:29 -0600
Received: from ([]) by ([]) with mapi id 15.00.1320.000; Fri, 8 Dec 2017 09:31:29 -0600
From: "Panos Kampanakis (pkampana)" <>
To: Erik Andersen <>, Cfrg <>
CC: Carsten Strunge <>
Thread-Topic: [Cfrg] Use of the term "deprecated"
Thread-Index: AdNwAj7rtSh6exWUShSQuW95dPBnSgANoRsA
Date: Fri, 08 Dec 2017 15:31:29 +0000
Message-ID: <>
References: <000801d37003$5165df80$f4319e80$>
In-Reply-To: <000801d37003$5165df80$f4319e80$>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_493e5bc356fc40268177e1c8d87c5bc4XCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Cfrg] Use of the term "deprecated"
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 08 Dec 2017 15:31:37 -0000

Hi Erik,

For what it is worth, our "subjective" Cisco approach includes the term Legacy which is equivalent to Deprecated. The definition is "Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms." In the table you will see we are flagging SHA1 as legacy, MD5 as avoid.


From: Cfrg [] On Behalf Of Erik Andersen
Sent: Friday, December 08, 2017 4:03 AM
To: Cfrg <>
Cc: Carsten Strunge <>
Subject: [Cfrg] Use of the term "deprecated"

In the smart grid security standards the term deprecated is used for certain cryptographic algorithms, such as SHA-1, instead of disallowing them. NIST in SP 800-57, Part 1 Revision 4 has stopped using the term deprecated.

What is the general feeling among  list members on using the term deprecated on cryptographic algorithms?