Re: Draft of workshop notes
Housley, Russ (housley@spyrus.com)
Tue, 12 Mar 96 11:41:50
Raph:
> I agree that algorithm replacement is a worthy goal, but it is a
> separate criterion from the ones I've proposed.
Good. Please add it to the next table that you post.
> I do not think you understand my "Interoperable implies Secure"
> criterion. It refers to the security of the weakest algorithm specified
> for use with the protocol. Although it is pretty clear that you and I
> disagree on whether it's a useful criterion, I still do not see why
> there should be any grounds for disagreement on which +'s and -'s to
> fill in. If the minimum algorithm is secure, it gets a +. If not, then
> not. PGP's minimum algorithm is RSA and IDEA, which at 128 bits, no key
> escrow, and publicly available documentation, clearly rates a +. MSP's
> minimum algorithm (that I know of) is Fortezza, which rates a - at
> best, for reasons I've explained above.
I do understand your criterion. But I continue to argue that it is not a
criterion that we should consider. Rather, algorithm independence is the
appropriate criterion. It is not our job to impose any particular
algorithm on anyone. Therefore, we should ensure that the protocols used
on the Internet support the algorithms that consumers want (or are able to
purchase in their part of the world).
Russ