On Mon, 11 Dec 2006 09:55:33 -0600
Nicolas Williams <[EMAIL PROTECTED]> wrote:
> Also, I'm not sure that the use of "MUST-" and "SHOULD+" is actually
> useful. In this update no algorithms previously classified as MUST-
> have been downgraded, and no algorithms previously classified as
> SHOULD+ have been upgraded. It seems likely to me some AES cipher
> mode will eventually become a MUST, but it's not clear to me that
> AES-CBC, for example, which is marked SHOULD+, will be it. Therefore
> I would argue that these designations should be changed to MUST and
> SHOULD, respectively. Or perhaps this I-D is a good opportunity to
> downgrade TripleDES-CBC to SHOULD or MAY and upgrade either AES-CBC
> and/or AES-CTR to MUST?
>
I'm not sure it's feasible yet to make 3DES a SHOULD; it's quite clear
to me that AES-CBC should become a MUST. We can't make AES-CTR the
only MUST unless we abolish manual keying. I could probably deal with
AES-CTR and AES-CBC both being mandated, but I'm really not a fan of
counter mode; it's just too easy to make bad mistakes.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ietf
