Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
Eliot Lear <lear@cisco.com> Tue, 01 September 2015 17:02 UTC
Return-Path: <lear@cisco.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FDC31B43B6 for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVarhPIkovXC for <saag@ietfa.amsl.com>; Tue, 1 Sep 2015 10:02:09 -0700 (PDT)
Received: from bgl-iport-4.cisco.com (bgl-iport-4.cisco.com [72.163.197.28]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A7311B3E8F for <saag@ietf.org>; Tue, 1 Sep 2015 10:02:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1501; q=dns/txt; s=iport; t=1441126928; x=1442336528; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=+mxwrSprfDEk7X48/P5VDagD1eRnI/qCDFfffTAJXWA=; b=Z0S/07HRWVB64NyzUtDV6C7BNjl35q2i5c4HsM2lyluspWxQUNM3dLBG x1vISDk6laDirQh01R1dD+iLtIoQXaa3mj8OWkXqQXQLh+gEJo1kUp6UJ J5eIYY5k5Z07BHDTBQJ8veHgook2xDRkQIgdM/3L6B5y2zZrk07TLHfoN I=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B4BQDe2OVV/xjFo0hdh3u7FYdyAoF8EwEBAQEBAQGBCoQkAQEDASNVBgsLIRYLAgIJAwIBAgFFEwgBAYgiCLUPlQcBAQEHAQEBAR6LcIUSF4JSgUMBBJVBgkGBXIhYiHiRdCaEATyDAAEBAQ
X-IronPort-AV: E=Sophos;i="5.17,450,1437436800"; d="asc'?scan'208";a="24269880"
Received: from vla196-nat.cisco.com (HELO bgl-core-3.cisco.com) ([72.163.197.24]) by bgl-iport-4.cisco.com with ESMTP; 01 Sep 2015 17:02:03 +0000
Received: from [10.65.43.131] ([10.65.43.131]) by bgl-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id t81H23vQ010660 for <saag@ietf.org>; Tue, 1 Sep 2015 17:02:03 GMT
To: saag@ietf.org
References: <CAHbuEH6w+O-TSA9SRP-9TrM+Hdh+vn7Me+tdJrFTNY_-Nbenug@mail.gmail.com> <20150901165526.GU9021@mournblade.imrryr.org>
From: Eliot Lear <lear@cisco.com>
Message-ID: <55E5DA09.7060104@cisco.com>
Date: Tue, 01 Sep 2015 19:02:01 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150901165526.GU9021@mournblade.imrryr.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="xq1QXMIHbNI82V3DlgHIgvqck3gFk4mLc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/qDIP5qPJTI-OO5GsZskxpxACuVE>
Subject: Re: [saag] Section 2.9: was Re: AD review of draft-iab-crypto-alg-agility-06
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 17:02:10 -0000
Hi Victor, On 9/1/15 6:55 PM, Viktor Dukhovni wrote: > Rapid deprecation of weaker crypto is net loss for OS when the > result is loss of interoperability and/or fallback to cleartext. Of course, this holds true when there are no alternatives from which to select. And it ties back to the second advantage you cited: > Makes it possible to phase out old deprecated algorithms. But what is it one has to do? Why is the answer simply to specify MTI two actively used suites and then vary which two over some (hopefully long) period over time? Eliot
- [saag] Section 2.9: was Re: AD review of draft-ia… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Eliot Lear
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Steve Crocker
- Re: [saag] Section 2.9: was Re: AD review of draf… Salz, Rich
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Barry Leiba
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty
- Re: [saag] Section 2.9: was Re: AD review of draf… Stephen Farrell
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Russ Housley
- Re: [saag] Section 2.9: was Re: AD review of draf… Viktor Dukhovni
- Re: [saag] Section 2.9: was Re: AD review of draf… Sam Hartman
- Re: [saag] Section 2.9: was Re: AD review of draf… Kathleen Moriarty