[Top] [All Lists]

comments on draft-dusse-smime-msg

1997-05-07 19:45:16

Any usable encryption protocol must specify at least one strong 
MUST IMPLEMENT encryption algorithm.  (I would define this as
one algorithm that has not been broken using only knowledge of
the algorithm used and the ciphertext).  If there is no MUST
IMPLEMENT algorithm, it fails the interoperability requirement.
If the only MUST IMPLEMENT algorithms are weak ones, the
protocol isn't technically sound -- it fails to provide 
the service that it claims to provide.

As far as I know, DES-EDE3-CBC/tripleDES is sufficiently strong,
but the current draft says only "SHOULD implement".   This is 
not sufficient. 

Engineering standards for bridge design do not allow designs 
that are known to collapse under load.  Neither should IETF approve 
an encryption standard that is known to be easily breakable.


<Prev in Thread] Current Thread [Next in Thread>