
Re: WGLC for draft-ietf-pkix-sha2-dsa-ecdsa-06.txt



Mike,

I agree and I think we are saying the same thing in slightly different ways.

What I said before your cut was:

 "I personally dislike standards stating requirements on algorithm support
for any reason other than to increase interoperability."

The key is that we list algorithms in standards more to support
interoperability than to state what security level is adequate for
certain usages of a protocol.

/Stefan


On 09-06-16 8:04 PM, "Michael StJohns" <mstjohns@xxxxxxxxxxx> wrote:

> 
> Yes and no.
> 
> The policy for the IETF has always been to specify a minimum set of
> interoperable algorithms as MUSTs and those generally get specified in the
> standard or amendments to the standard.  Over time, we recognize that older
> algorithms no longer meet the minimum security needs and they should first be
> deprecated and then obsoleted.
> 
> BCPs are not standards documents per se - they are not generally controlling
> on the implementors, but are targeted for the operators/users who may be quite
> removed from the implementors.  As such, BCPs may not be (IMHO are not) the
> right place for specifying the minimums for algorithm support.
> 
> So - mostly no.
> 
> Mike
> 
> 
> At 01:26 PM 6/16/2009, Stefan Santesson wrote:
>> The choice of adequate
>> and secure algorithms is a constantly moving target and is ideally better
>> stated in BCP documents if the rationale is purely security driven.
> 
>