
Re: Last ditch proposal for crypto suites



In message <F4FC57B40BEE6E418CF222DCF8D5546508B0EB@USEXCH3.us.sonicwall.com>,
rcharlet@SonicWALL.com writes:
>Howdy,
>
>	What would happen if we have a MUST implement crypto suite that one day
> is shown to be no longer trustworthy?

We deprecate it and define a new one.  The same applies to a 
mandatory-to-implement a la carte algorithm, such as DES...
You do make a good point, though: the document should say (for 
algorithms or suites) that "implementations SHOULD provide a way for 
administrators to disable use of certain choices, even if their 
implementation is mandatory per this or other RFCs".

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)
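
The following sketch is an added example, not part of the original message or of any RFC text. It shows one way an implementation could honor an administrator's disable list during suite selection, even for a mandatory-to-implement suite, and fail closed when nothing acceptable remains. The suite names, class and method names are hypothetical placeholders.

```python
# Added illustration; suite names are constructed placeholders, not from any RFC.
from dataclasses import dataclass, field


class NoAcceptableSuite(Exception):
    """Raised when local policy leaves nothing both peers can use."""


@dataclass
class SuitePolicy:
    implemented: list        # local preference order, mandatory suites included
    mandatory: frozenset     # suites the spec says MUST be implemented
    disabled: set = field(default_factory=set)  # administrator's deny list

    def disable(self, suite):
        if suite not in self.implemented:
            raise ValueError(f"unknown suite: {suite}")
        self.disabled.add(suite)  # permitted even when the suite is mandatory

    def disabled_mandatory(self):
        """Mandatory suites turned off locally; worth logging for interop triage."""
        return sorted(self.mandatory & self.disabled)

    def offer(self):
        """Suites proposed to the peer, in preference order."""
        return [s for s in self.implemented if s not in self.disabled]

    def select(self, peer_offer):
        """Responder side: most preferred enabled suite that the peer offered."""
        peer = set(peer_offer)
        for suite in self.offer():
            if suite in peer:
                return suite
        # Fail closed: never fall back to a disabled suite because it is mandatory.
        raise NoAcceptableSuite(f"peer offered {sorted(peer)}, enabled {self.offer()}")


def demo():
    policy = SuitePolicy(
        implemented=["SUITE-NEW", "SUITE-OLD-MUST"],
        mandatory=frozenset({"SUITE-OLD-MUST"}),
    )
    before = policy.select(["SUITE-OLD-MUST"])      # old peer, suite still enabled
    policy.disable("SUITE-OLD-MUST")                # administrator distrusts it
    try:
        after = policy.select(["SUITE-OLD-MUST"])   # old peer is now refused
    except NoAcceptableSuite:
        after = None
    return before, after, policy.select(["SUITE-OLD-MUST", "SUITE-NEW"])
```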