Re: Mandatory Algorithm Changes?

David Shaw <dshaw@jabberwocky.com> Tue, 08 February 2005 19:15 UTC

Date: Tue, 08 Feb 2005 13:58:32 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Mandatory Algorithm Changes?
Message-ID: <20050208185832.GD10858@jabberwocky.com>
Mail-Followup-To: OpenPGP <ietf-openpgp@imc.org>
References: <0e2405990b7f7b186cd70e8603889d04@callas.org>
In-Reply-To: <0e2405990b7f7b186cd70e8603889d04@callas.org>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc

On Tue, Feb 08, 2005 at 09:42:20AM -0800, Jon Callas wrote:
> 
> I almost cringe to suggest this, but I will.
> 
> Triple-DES is pretty much obsolete. Yesterday, I saw that NIST 
> announced they're moving to stronger hashes.
> 
> Does anyone object to changing the MUST cipher to AES (I'd pick 128) 
> and MUST hash to SHA-256?

This would be difficult to do without breaking backwards
compatibility.  There are a lot of deployed systems that expect 3DES
to be the MUST cipher.

I'm not against adding a second MUST cipher without removing the
current 3DES, but I don't see how the 3DES as the
cipher-of-last-resort could be changed except over a significant
amount of time.

David
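
Added example, not part of the original message: a sketch of OpenPGP cipher selection in which the MUST cipher is tacitly at the end of every recipient's preference list, showing why swapping that implicit cipher affects deployed systems. The key preferences and implementation sets are constructed, and the function names are hypothetical.

```python
# OpenPGP symmetric algorithm IDs (RFC 4880, section 9.2).
TRIPLE_DES, CAST5, AES128, AES256 = 2, 3, 7, 9

def effective_prefs(prefs, implicit):
    """Recipient preference list with the MUST cipher tacitly appended."""
    return list(prefs) + ([] if implicit in prefs else [implicit])

def choose_cipher(sender_impl, recipients_prefs, implicit):
    """Pick one cipher for a message encrypted to all recipients.

    Walks the first recipient's effective order and returns the first
    algorithm the sender implements and every recipient's list contains.
    """
    lists = [effective_prefs(p, implicit) for p in recipients_prefs]
    for algo in lists[0]:
        if algo in sender_impl and all(algo in other for other in lists):
            return algo
    return None

# Constructed scenario: a legacy implementation that predates AES and a
# current one, both receiving the same message.
LEGACY_IMPL = {TRIPLE_DES, CAST5}   # what the deployed software can decrypt
LEGACY_PREFS = [CAST5]              # preferences stored on the legacy key
MODERN_PREFS = [AES256, AES128]     # preferences stored on the modern key
SENDER_IMPL = {TRIPLE_DES, AES128, AES256}

def scenario(implicit):
    """Return (chosen cipher, whether the legacy recipient can decrypt)."""
    algo = choose_cipher(SENDER_IMPL, [LEGACY_PREFS, MODERN_PREFS], implicit)
    return algo, algo in LEGACY_IMPL

def no_prefs_scenario(implicit):
    """Same check for a legacy key that carries no preference list."""
    algo = choose_cipher(SENDER_IMPL, [[]], implicit)
    return algo, algo in LEGACY_IMPL

if __name__ == "__main__":
    for name, implicit in (("3DES", TRIPLE_DES), ("AES-128", AES128)):
        print("implicit", name, "->", scenario(implicit),
              no_prefs_scenario(implicit))
```

With 3DES implicit, both scenarios settle on algorithm 2, which the legacy implementation can decrypt; with AES-128 implicit, the sender picks algorithm 7 on the assumption that every recipient implements it, and the legacy recipient cannot read the message.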