ietf-openpgp

Re: AES/SHA1/Must/Should

2005-04-15 12:06:12


On 13 Apr 2005, at 2:51 PM, David Shaw wrote:

> There are too many years and too many implementations where 3DES is
> the algorithm of last resort, and changing 3DES to a SHOULD
> necessitates a different algorithm of last resort.  We cannot change
> that overnight.


I think there is a big difference between what the
implementations do, and what the standard says.  If
there is an issue in the short term, then implementations
are free to ignore the standard.  It's not as if anyone
ever lost a contract because they couldn't prove absolute
compliance with the standard.

In this happy state of affairs, I am not sure why we
cannot (as a standards body) wiggle our fingers with
fierceness about 3DES and have the implementations
broadly ignore us for many months or even years...

Is the "algorithm of last resort" actually specified
in the draft RFC?

If an implementation
chooses 3DES as its algorithm of last resort, that doesn't
need to change.  It just seems likely that in a couple
of years or so, AES would make more sense for that decision.


> I recommend not making any change in default algorithms for 2440bis.
> If and when we take up v5 keys, we can easily set the cipher of last
> resort for v5 keys to something other than 3DES.


The issue I see with that is that this group has been
working for ... 8 years?  and hasn't got a standard
out.  I'd love to see some action on a v5 key layout,
but I don't have much hope.

iang

--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/