Re: so why is IETF stilling adding DES to protocols? (Re: It's official... DES is History)

[Ben Laurie]

Adam Back wrote:
> My arguments that adding broken ciphersuites to an IETF standard was
> in direct and obvious violation of RFC 1984 fell on deaf ears, as
> Netscape, microsoft and even openSSL (in the form of Ben Laurie)
> busily rushed and implemented the proposed broken ciphersuites.

OpenSSL has them disabled by default. But I am torn on this question:
these new ciphersuites give greater strength than existing ones when
interopping with export stuff. Is it sensible to refuse to add stronger
ciphersuites? If it isn't, because they are crap, should we (the OpenSSL
team) disable _all_ export ciphersuites?

I mainly implemented them because they required extensions to the
ephemeral RSA key generation (to specify the number of bits), and I
wanted to add that long before it was actually needed.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi