Re: SHOULD NOT DES (was RE: Editorial: Use of MAY...)

[Henry Spencer <henry@spsystems.net>]

On Wed, 11 Jun 2003, Paul Hoffman / VPNC wrote:
> >>  So you think it is better to give a lower recommendation for an
> >>  algorithm with a known (weak) key strength than to algorithms that
> >>  could be much weaker, including zero encryption.
> >Where, exactly, did either Bill or I say that?  Please be precise.
> 
> I only saw messages about making DES be SHOULD NOT, not any messages 
> about making all the other variable-length ciphers SHOULD NOT. If you 
> sent such a message and I missed it, I apologize.

You're still jumping to conclusions -- the fact that you have not heard
from me about the variable-length ciphers tells you nothing about my
position on them, so you cannot legitimately infer that I consider dealing
with them unimportant.  (And your "zero encryption" remark remains odd,
because none of the RFC 2451 variable-length ciphers goes down to zero.)

My position on them actually lines up closely with David Wagner's most
recent message:  they *are* lower priority -- not because they are better,
but because they are little-used and do have at least the option of longer
keys -- but it would nevertheless be good to deal with them too.  Dealing
properly with DES, however, is *important*.

                                                          Henry Spencer
                                                       henry@spsystems.net