On Jan 3, 2015, at 4:32 AM, Michael Ströder <michael(_at_)stroeder(_dot_)com>
wrote:
Isn't it the time to deprecate using tripleDES and add a stronger SHOULD for
using stronger symmetric ciphers?
Why? I have not seen any attacks on TripleDES that make it insecure.
The text from https://tools.ietf.org/html/rfc5751#section-2.7.1.2 is pretty
blurry:
[..] If the sending agent
chooses not to use AES-128 in this step, it SHOULD use tripleDES.
If there are two or more ways to interpret that sentence, we can clarify it. I
don't see more than one, but maybe I'm missing something.
--Paul Hoffman
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime