> On Dec 18, 2018, at 1:39 AM, Valery Smyslov <[email protected]> wrote:
>
>
> [EXTERNAL EMAIL]
>
> Hi Paul,
>
> I think it is a good idea to have some indication in IANA about the current
> status of the algorithm,
> similar to recent changes in the TLS registry (and in fact I initiated this
> discussion in Bangkok).
>
>>> I think we need an RFC to at least categorize the algorithms, unless we
>>> want the IANA registry to have stuff
>> like “SHOULD-“ and “MAY+:
>>
>> We only need to add the SHOULD NOT and MUST NOT's and possibly some
>> MAY's that are deemed otherwise ancient and deprecated (eg CAST)
>>
>> Anything with a + would surely not be deprecated as it is still climbing
>> up. Anything with a - is still in use and we cannot deprecate it yet.
>
> Well, I think it's a bit too complex for random implementer.
> I'd prefer to classify all algorithms as follows:
>
> 1. Secure, required for interoperability
> 2. Secure, not required for interoperability
> 3. Insecure (obsoleted)
>
> Regards,
> Valery.
Possibly some algorithms are candidates for "obsolete" status not because they
are known to be insecure but because they never got traction or security
analysis. I'm not sure if CAST is an example.
On terminology: "secure" is too strong a statement for the non-expert audience.
"Believed to be secure" would be more prudent, but I don't really like those
words either. Can we come up with some words that don't suggest a guarantee we
can't make?
paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
