On Mon, 11 Dec 2006 09:55:33 -0600
Nicolas Williams <Nicolas(_dot_)Williams(_at_)sun(_dot_)com> wrote:
Also, I'm not sure that the use of "MUST-" and "SHOULD+" is actually
useful. In this update no algorithms previously classified as MUST-
have been downgraded, and no algorithms previously classified as
SHOULD+ have been upgraded. It seems likely to me some AES cipher
mode will eventually become a MUST, but it's not clear to me that
AES-CBC, for example, which is marked SHOULD+, will be it. Therefore
I would argue that these designations should be changed to MUST and
SHOULD, respectively. Or perhaps this I-D is a good opportunity to
downgrade TripleDES-CBC to SHOULD or MAY and upgrade either AES-CBC
and/or AES-CTR to MUST?
I'm not sure it's feasible yet to make 3DES a SHOULD; it's quite clear
to me that AES-CBC should become a MUST. We can't make AES-CTR the
only MUST unless we abolish manual keying. I could probably deal with
AES-CTR and AES-CBC both being mandated, but I'm really not a fan of
counter mode; it's just too easy to make bad mistakes.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf