Trevor Freeman <[email protected]> writes: >Use of 3DES today for instance by no stretch of the imagination can be >classed as a "best" practice.
Why not? Or at least, we need to figure out what the requirements are for "best practice", I think we can agree on some things that aren't (e.g. using MD5, RC4, etc) but is using an unbroken algorithm with a 35+ year track record really a bad thing? Sure, its pretty slow, but as a cryptographer recently commented to me, "you're unlikely to be surprised" when (or long after) you deploy it. >Can I suggest a taxonomy of identifying practices in the BCP which are either >best, acceptable or minimal in the document. > >E.g. That's not really a classification mechanism (although it may be a taxonomy), it's more of a shopping list. For example: >* if I negotiate TLS 1.2, with EC, PFS, AES GCM, then that would be a >best practice Why not DH+RSA and AES with EtM? I can make a good argument for those (the DLP-based cryptosystems are extremely vulnerable to implementation issues that tend to make them leak their private key, ECDSA doesn't have RSA's nice asymmetric properties that make it amenable to use on low-power clients, and everything does RSA but not everything does ECDH/ECDSA). Peter. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
