----- Original Message -----
From: "Russ Housley" <housley(_at_)vigilsec(_dot_)com>
To: "Peterson, Jon" <jon(_dot_)peterson(_at_)neustar(_dot_)biz>
Cc: <ietf-smime(_at_)imc(_dot_)org>
Sent: Tuesday, March 11, 2003 7:28 AM
Subject: RE: I-D ACTION:draft-ietf-sip-smime-aes-00.txt
Jon:
CMS no longer includes any mandatory to implement algorithms. This was
done so that each application could assign the best algorithms for their
environment.
For S/MIME version 3.1, the mandatory to implement encryption algorithm is
Triple-DES. I do not expect this to change. However, there has been
discussion about making AES a SHOULD implement algorithm. The "Use of AES
with CMS" specification is finally nearly finished. This is intended to
send a message to implementors that AES will probably become a MUST
implement algorithm in the future. At that time, AES would become MUST
and
Triple-DES would become SHOULD (to preserve interoperability with old
algorithms).
Is backwards interoperability considered a SHOULD? I would think that it's
important enough to make it a MUST (at least for decryption of old
messages).
Enzo