Re: [smime] deprecate tripleDES?

Paul Hoffman wrote:

On Jan 3, 2015, at 4:32 AM, Michael Ströder <michael(_at_)stroeder(_dot_)com> 
wrote:

Isn't it the time to deprecate using tripleDES and add a stronger SHOULD for
using stronger symmetric ciphers?


Why? I have not seen any attacks on TripleDES that make it insecure.

The text from https://tools.ietf.org/html/rfc5751#section-2.7.1.2 is pretty
blurry:

  [..] If the sending agent
  chooses not to use AES-128 in this step, it SHOULD use tripleDES.


If there are two or more ways to interpret that sentence, we can clarify
it. I don't see more than one, but maybe I'm missing something.


Lazy implementors can read this section like:
"It's fine to only implement tripleDES and not support anything else forever."

Ciao, Michael.

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime

<Prev in Thread]	Current Thread	[Next in Thread>
[smime] deprecate tripleDES?, Michael Ströder Re: [smime] deprecate tripleDES?, Paul Hoffman Re: [smime] deprecate tripleDES?, Sean Leonard Re: [smime] deprecate tripleDES?, Michael Ströder <= Re: [smime] deprecate tripleDES?, Phillip Hallam-Baker Re: [smime] deprecate tripleDES?, Michael Ströder

Previous by Date:	Re: [smime] S/MIME publishing mailing list, Michael Ströder
Next by Date:	Re: [smime] S/MIME publishing mailing list, Michael Ströder
Previous by Thread:	Re: [smime] deprecate tripleDES?, Sean Leonard
Next by Thread:	Re: [smime] deprecate tripleDES?, Phillip Hallam-Baker
Indexes:	[Date] [Thread] [Top] [All Lists]