Re: WGLC for draft-ietf-pkix-sha2-dsa-ecdsa-06.txt

[Michael StJohns <mstjohns@xxxxxxxxxxx>]

Yes and no.

The policy for the IETF has always been to specify a minimum set of interoperable algorithms as MUSTs and those generally get specified in the standard or amendments to the standard.  Over time, we recognize that older algorithms no longer meet the minimum security needs and they should first be deprecated and then obsoleted.  

BCPs are not standards documents per se - they are not generally controlling on the implementors, but are targeted for the operators/users who may be quite removed from the implementors.  As such, BCPs may not be (IMHO are not) the right place for specifying the minimums for algorithm support.

So - mostly no.

Mike


At 01:26 PM 6/16/2009, Stefan Santesson wrote:
>The choices of adequate
>and secure algorithms is a constantly moving target and is ideally better
>stated in BCP documents if the rationale is purely security driven.