Jon Callas wrote:
Mandatory-to-implement does not mean mandatory-to-use.
If we change 3DES to AES, things don't instantly stop working. If we do
that, 3DES would be a SHOULD, of course, and there will be a note that
says that if you don't implement 3DES there could be interoperability
I don't think that any reasonable implementor is going to run right out
and code stupidly. It will obviously take a couple of years before
someone can safely assume, for example, that the
algorithm-of-last-resort would be AES.
However, if we ever want to roll 3DES over to AES, we have to start
sometime. The couple of years of bake-in doesn't start until a change is
made. Why not now?
I'm willing to concede the point on SHA-256, I wouldn't have brought it
up at all if NIST hadn't said a couple days ago they're phasing out
SHA-1 and rolling to SHA-256.
Oops. What I said was that this seems like a candidate for having flags
in the PGP certificates that say what is supported by the receiving
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff