Re: Last ditch proposal for crypto suites
In message <F4FC57B40BEE6E418CF222DCF8D5546508B0EB@USEXCH3.us.sonicwall.com>, rcharlet@SonicWALL.com writes:
>Howdy,
>
> What would happen if we have a MUST implement crypto suite that one day
> is shown to be no longer trustworthy?

We deprecate it and define a new one. The same applies to a
mandatory-to-implement a la carte algorithm, such as DES...

You do make a good point, though: the document should say (for
algorithms or suites) that "implementations SHOULD provide a way for
administrators to disable use of certain choices, even if their
implementation is mandatory per this or other RFCs".

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)