Paul Hoffman wrote:
On Jan 3, 2015, at 4:32 AM, Michael Ströder <michael(_at_)stroeder(_dot_)com>
wrote:
Isn't it the time to deprecate using tripleDES and add a stronger SHOULD for
using stronger symmetric ciphers?
Why? I have not seen any attacks on TripleDES that make it insecure.
The text from https://tools.ietf.org/html/rfc5751#section-2.7.1.2 is pretty
blurry:
[..] If the sending agent
chooses not to use AES-128 in this step, it SHOULD use tripleDES.
If there are two or more ways to interpret that sentence, we can clarify
it. I don't see more than one, but maybe I'm missing something.
Lazy implementors can read this section like:
"It's fine to only implement tripleDES and not support anything else forever."
Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime