[147564] in cryptography@c2.net mail archive
Re: [Cryptography] Crypto Standards v.s. Engineering habits - Was:
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Oct 8 10:13:41 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 7 Oct 2013 22:11:28 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <6A6E8D2C-1897-40F9-8174-99453531BC32@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 10/6/13 at 8:26 AM, crypto.jmk@gmail.com (John Kelsey) wrote:
>If we can't select ciphersuites that we are sure we will always
>be comfortable with (for at least some forseeable lifetime)
>then we urgently need the ability to *stop* using them at some
>point. The examples of MD5 and RC4 make that pretty clear.
>Ceasing to use one particular encryption algorithm in something
>like SSL/TLS should be the easiest case--we don't have to worry
>about old signatures/certificates using the outdated algorithm
>or anything. And yet we can't reliably do even that.
We seriously need to consider what the design lifespan of our
crypto suites is in real life. That data should be communicated
to hardware and software designers so they know what kind of
update schedule needs to be supported. Users of the resulting
systems need to know that the crypto standards have a limited
life so they can include update in their installation planning.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | If the site is supported by | Periwinkle
(408)356-8506 | ads, you are the product. | 16345
Englewood Ave
www.pwpconsult.com | | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography