[Top] [All Lists]

Re: Mandatory Algorithm Changes?

2005-02-08 11:58:44

On Tue, Feb 08, 2005 at 09:42:20AM -0800, Jon Callas wrote:

I almost cringe to suggest this, but I will.

Triple-DES is pretty much obsolete. Yesterday, I saw that NIST 
announced they're moving to stronger hashes.

Does anyone object to changing the MUST cipher to AES (I'd pick 128) 
and MUST hash to SHA-256?

This would be difficult to do without breaking backwards
compatibility.  There are a lot of deployed systems that expect 3DES
to be the MUST cipher.

I'm not against adding a second MUST cipher without removing the
current 3DES, but I don't see how the 3DES as the
cipher-of-last-resort could be changed except over a significant
amount of time.