On 2014-07-30 15:45, Paul Hoffman wrote:
> On Jul 24, 2014, at 3:36 PM, Kohei Kasamatsu <[email protected]>
> wrote:
>
>> I strongly believe that BCP needs to include alternative algorithms
>> - with different design policy from algorithm which your I-D recommends
>> - which are widely implemented
>> - which are internationally standardized
>>
>> Because when protocols depend on single primitive and vulnerability
>> related to the primitive is found it takes a lot of time to migrate from
>> insecure primitive to secure one.
>
> Based on long experience in the IETF, this seems like the opposite of a BCP.
> Protocols that have had multiple mandatory-to-implement algorithms "in case
> there was a crypto failure" have led to interoperability failures and
> confusion for users. Clearly, TLS needs to have crypto agility in case of
> crypto failures, but the current BCP does not prevent that. But "alternative
> algorithms" has been shown to have negative effects.
I agree. The purpose of a BCP is to document the best possible current
behaviour, not create a wish-list.
When at some time in the future alternative algorithms have been shown
to be better and deployable, the BCP will be revised to reflect that.
Cheers Leif
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
