IETF Logo Mail Archive

Re: Mandatory Algorithm Changes?

Jon Callas <jon@callas.org> Fri, 11 February 2005 08:05 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA05976 for <openpgp-archive@lists.ietf.org>; Fri, 11 Feb 2005 03:05:10 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j1B7bbNu044544; Thu, 10 Feb 2005 23:37:37 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j1B7bb3F044543; Thu, 10 Feb 2005 23:37:37 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j1B7baGw044487 for <ietf-openpgp@imc.org>; Thu, 10 Feb 2005 23:37:36 -0800 (PST) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6) for <ietf-openpgp@imc.org>; Thu, 10 Feb 2005 22:32:25 -0800
Received: from [63.73.97.189] ([63.73.97.189]) by keys.merrymeet.com (PGP Universal service); Thu, 10 Feb 2005 22:32:24 -0800
X-PGP-Universal: processed
Mime-Version: 1.0 (Apple Message framework v619.2)
In-Reply-To: <420A012A.5020204@systemics.com>
References: <20050208194442.F2C6A57E2A@finney.org> <42092EC2.9040501@systemics.com> <87zmyeyyg9.fsf@wheatstone.g10code.de> <420A012A.5020204@systemics.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <39c100e92dbc54b9fcb678d904676384@callas.org>
Content-Transfer-Encoding: 7bit
From: Jon Callas <jon@callas.org>
Subject: Re: Mandatory Algorithm Changes?
Date: Thu, 10 Feb 2005 17:11:30 -0800
To: OpenPGP <ietf-openpgp@imc.org>
X-Mailer: Apple Mail (2.619.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Mandatory-to-implement does not mean mandatory-to-use.

If we change 3DES to AES, things don't instantly stop working. If we do 
that, 3DES would be a SHOULD, of course, and there will be a note that 
says that if you don't implement 3DES there could be interoperability 
issues.

I don't think that any reasonable implementor is going to run right out 
and code stupidly. It will obviously take a couple of years before 
someone can safely assume, for example, that the 
algorithm-of-last-resort would be AES.

However, if we ever want to roll 3DES over to AES, we have to start 
sometime. The couple of years of bake-in doesn't start until a change 
is made. Why not now?

I'm willing to concede the point on SHA-256, I wouldn't have brought it 
up at all if NIST hadn't said a couple days ago they're phasing out 
SHA-1 and rolling to SHA-256.

	Jon

v2.23.0 | Report a Bug | By Email