On Mon, 11 Dec 2006 09:55:33 -0600 Nicolas Williams <Nicolas.Williams@xxxxxxx> wrote: > Also, I'm not sure that the use of "MUST-" and "SHOULD+" is actually > useful. In this update no algorithms previously classified as MUST- > have been downgraded, and no algorithms previously classified as > SHOULD+ have been upgraded. It seems likely to me some AES cipher > mode will eventually become a MUST, but it's not clear to me that > AES-CBC, for example, which is marked SHOULD+, will be it. Therefore > I would argue that these designations should be changed to MUST and > SHOULD, respectively. Or perhaps this I-D is a good opportunity to > downgrade TripleDES-CBC to SHOULD or MAY and upgrade either AES-CBC > and/or AES-CTR to MUST? > I'm not sure it's feasible yet to make 3DES a SHOULD; it's quite clear to me that AES-CBC should become a MUST. We can't make AES-CTR the only MUST unless we abolish manual keying. I could probably deal with AES-CTR and AES-CBC both being mandated, but I'm really not a fan of counter mode; it's just too easy to make bad mistakes. --Steve Bellovin, http://www.cs.columbia.edu/~smb _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf