comments on draft-dusse-smime-msg


Any usable encryption protocol must specify at least one strong 
MUST IMPLEMENT encryption algorithm.  (I would define this as
one algorithm that has not been broken using only knowledge of
the algorithm used and the ciphertext).  If there is no MUST
IMPLEMENT algorithm, it fails the interoperability requirement.
If the only MUST IMPLEMENT algorithms are weak ones, the
protocol isn't technically sound -- it fails to provide 
the service that it claims to provide.

As far as I know, DES-EDE3-CBC/tripleDES is sufficiently strong,
but the current draft says only "SHOULD implement".   This is 
not sufficient. 

Engineering standards for bridge design do not allow designs 
that are known to collapse under load.  Neither should IETF approve 
an encryption standard that is known to be easily breakable.

Keith

<Prev in Thread]	Current Thread	[Next in Thread>
comments on draft-dusse-smime-msg, Keith Moore <= comments on the draft, 8bit & binary issues, Laurence Lundblade

Previous by Date:	RE: Restarting the 40-bit debate, Lindsay Mathieson
Next by Date:	Re: Restarting the 40-bit debate, David P. Kemp
Previous by Thread:	Restarting the 40-bit debate, Paul E. Hoffman
Next by Thread:	comments on the draft, 8bit & binary issues, Laurence Lundblade
Indexes:	[Date] [Thread] [Top] [All Lists]