[4979] in cryptography@c2.net mail archive
Re: so why is IETF stilling adding DES to protocols? (Re: It's official... DES is History)
daemon@ATHENA.MIT.EDU (EKR)
Fri Jun 25 18:43:11 1999
To: "William H. Geiger III" <whgiii@openpgp.net>
Cc: "Jeffrey I. Schiller" <jis@MIT.EDU>, Ben Laurie <ben@algroup.co.uk>,
Adam Back <aba@dcs.ex.ac.uk>, rah@shipwright.com, dcsb@ai.mit.edu,
cryptography@c2.net, cypherpunks@openpgp.net, mleech@nortel.ca
From: EKR <ekr@rtfm.com>
Date: 25 Jun 1999 15:29:12 -0700
In-Reply-To: "William H. Geiger III"'s message of "Fri, 25 Jun 1999 10:12:40 -0500"
"William H. Geiger III" <whgiii@openpgp.net> writes:
> In <37739267.727CE133@mit.edu>, on 06/25/99
> at 10:29 AM, "Jeffrey I. Schiller" <jis@mit.edu> said:
> Single DES, RC4-40, or any other weak crypto has no place in the IETF
> standards. I though these kind of issues were put to rest during the
> S/MIME debate. Now I see them rearing their ugly head again. If Netscape &
> Microsoft are allowed to control the standard process, it will not be long
> before there are no standards but their own.
To the extent that these issues were "put to rest during the S/MIME
debate" it was in favor of the approach used by TLS.
CMS specifies how to do RC2-40, but mandates support for
3DES, exactly as TLS does.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
