[147528] in cryptography@c2.net mail archive
Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was:
daemon@ATHENA.MIT.EDU (John Kelsey)
Sun Oct 6 10:08:32 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <3384C0C4-10C1-43A1-9B13-7BF0212AFB9B@mac.com>
From: John Kelsey <crypto.jmk@gmail.com>
Date: Sat, 5 Oct 2013 21:29:05 -0400
To: james hughes <hughejp@mac.com>
Cc: Jerry Leichter <leichter@lrw.com>, James Hughes <hughejp@mac.com>,
Christoph Anton Mitterer <calestyo@scientia.net>,
"cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
Dirk-Willem van Gulik <dirkx@webweaving.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
One thing that seems clear to me: When you talk about algorithm flexibility in a protocol or product, most people think you are talking about the ability to add algorithms. Really, you are talking more about the ability to *remove* algorithms. We still have stuff using MD5 and RC4 (and we'll probably have stuff using dual ec drbg years from now) because while our standards have lots of options and it's usually easy to add new ones, it's very hard to take any away.
--John
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
