On Fri, Nov 18, 2011 at 2:34 AM, Sean Turner <[email protected]> wrote: > On 11/18/11 2:21 PM, Christopher Morrow wrote: >> >> On Thu, Nov 17, 2011 at 12:50 PM, Brian Dickson >> <[email protected]> wrote: >> >>> Here's the thing - if all-A chains continue to exist until Phase 4, >>> _and_ fallback to Suite A is required, this is a downgrade-attack >>> vulnerability. >>> >> >> It seems to me that as long as there are consumers of cert material >> that can not do the 'new hotness' (B in your example) you will have to >> make products in the 'old and busted' form. Once everyone can do 'new >> hotness', there is a relatively short period of time required to kill >> off 'old and busted'. >> >> I don't think you can get away with not making 'old and busted' until >> everyone is able to plan ball, eh? > > Hope of hopes here is that we don't just transition when an alg is broke. > Algs weaken over time - that's just a fact. When we retire an alg because > it doesn't cut it anymore, then running with the old unbroken alg is a > downgrade but assuming the alg ain't broke then it's probably okay for the > transition period.
do I have to apologize for the MIB refernce? _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
