ietf-smime

Re: I-D ACTION:draft-ietf-sip-smime-aes-00.txt

2003-03-10 18:52:03

Enzo:

> CMS no longer includes any mandatory to implement algorithms.  This was
> done so that each application could assign the best algorithms for their
> environment.
>
> For S/MIME version 3.1, the mandatory to implement encryption algorithm is
> Triple-DES.  I do not expect this to change.  However, there has been
> discussion about making AES a SHOULD implement algorithm.  The "Use of AES
> with CMS" specification is finally nearly finished.  This is intended to
> send a message to implementors that AES will probably become a MUST
> implement algorithm in the future.  At that time, AES would become MUST and
> Triple-DES would become SHOULD (to preserve interoperability with old
> algorithms).

Is backwards interoperability considered a SHOULD? I would think that it's
important enough to make it a MUST (at least for decryption of old
messages).

This depends on time scale. I agree that backwards compatibility is very, very important. However, at some point, the current MUST will become a SHOULD and eventually become a MAY. For S/MIME it would be possible to be even more graceful. For example:

   For transmission, the agent MUST implement AES.

   For reception, the agent MUST implement AES and Triple-DES.

Russ


