IETF Logo Mail Archive

[saag] Algorithms/modes requested by users/customers

Randall Atkinson <rja@extremenetworks.com> Sat, 16 February 2008 23:43 UTC

Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m1GNhRlg009443 for <saag@PCH.mit.edu>; Sat, 16 Feb 2008 18:43:27 -0500
Received: from mit.edu (M24-004-BARRACUDA-2.MIT.EDU [18.7.7.112]) by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id m1GNhKeq021111 for <saag@mit.edu>; Sat, 16 Feb 2008 18:43:20 -0500 (EST)
Received: from ussc-casht-p2.corp.extremenetworks.com (ussc-casht-p1.extremenetworks.com [207.179.9.62]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mit.edu (Spam Firewall) with ESMTP id C8B9CFABA1C for <saag@mit.edu>; Sat, 16 Feb 2008 18:42:59 -0500 (EST)
Received: from USEXCHANGE.corp.extremenetworks.com ([172.168.1.2]) by ussc-casht-p2.corp.extremenetworks.com ([10.255.181.88]) with mapi; Sat, 16 Feb 2008 15:42:58 -0800
From: Randall Atkinson <rja@extremenetworks.com>
To: "saag@mit.edu" <saag@mit.edu>
Date: Sat, 16 Feb 2008 15:42:57 -0800
Thread-Topic: Algorithms/modes requested by users/customers
Thread-Index: AQHIcPWoS7HEfANh0kyQUz3uBqgcnA==
Message-ID: <8329C86009B2F24493D76B486146769A9429B7A8@USEXCHANGE.corp.extremenetworks.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
X-Spam-Score: 0.02
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by pch.mit.edu id m1GNhRlg009443
Subject: [saag] Algorithms/modes requested by users/customers
X-BeenThere: saag@mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
List-Id: IETF Security Area Advisory Group <saag.mit.edu>
List-Unsubscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/saag>
List-Post: <mailto:saag@mit.edu>
List-Help: <mailto:saag-request@mit.edu?subject=help>
List-Subscribe: <http://mailman.mit.edu/mailman/listinfo/saag>, <mailto:saag-request@mit.edu?subject=subscribe>
X-List-Received-Date: Sat, 16 Feb 2008 23:43:27 -0000

Earlier, someone said:
% I think it would help enormously if we had some sort of
% cross IETF statement of the set of algorithms that are
% currently the consensus recommendations for support.

I will answer a slightly different question.  For the question:
     "What algorithms/modes are most paying customers asking for ?"
the answers turn out to be:

1) NIST FIPS-140 conforming algorithms/modes.
and
2) Suite-B conforming algorithms/modes.

Approximately speaking, (2) above is a subset of (1) above.

The IETF might make some different decision than those,
but equipment vendors will have to implement (1) or (2)
to please most commercial users (e.g. banks, insurance firms,
stock brokerages/markets, top international commercial
firms in other areas).  So whether or not these are specified
by IETF on the standards-track, there is interoperability value
in having open specifications (e.g. Informational RFC would
do quite nicely) for (1) and (2) for nearly any Internet-related
protocol using cryptography.

This seems to be driven externally by insurance firms that tell
their customers to only use equipment whose cryptographic
subsystems/modules have been (or are going to be) evaluated
formally under FIPS-140.

And I'll note that this are not really driven particularly by US firms.
European, Asia/Pacific, and Latin American firms are making the
exact same requests for FIPS-140 of their equipment vendors.

Yours,

Ran
rja@extremenetworks.com

v2.23.0 | Report a Bug | By Email