Re: [secdir] secdir review draft-iab-crypto-alg-agility-06 (almost done)

Leif Johansson <> Wed, 05 August 2015 11:25 UTC

On 2015-08-04 17:40, Paul Hoffman wrote:
> On 4 Aug 2015, at 5:29, Leif Johansson wrote:
>> To some extent I think you are right but I'm not sure it is possible to
>> do much better in a general document. I think you are looking for a
>> "UTA-style BCP" with general applicability to algorithm selection and
>> agility and I'm not sure that is possible.
> It may not be possible, but that's what this draft is trying to do (but,

I guess I didn't read it that way. My understanding is that the draft
was trying to describe the motivations and challenges involved in
algorithm agility and provide some basic guidance along the way.

I think it does a decent job at this.

Is it possible to say more in a document scoped to specific audiences?


Why not write those documents too?

> as Hannes points out, without saying so). That is, without a tight
> scoping of who the document is meant for, it naturally has been pulled
> in different directions for different audiences without being explicit.
> UTA had the same problem with its initial documents, and that is why it
> took so long to finish.

By IETF standards the UTA documents got done pretty quickly.

	Cheers Leif