Hi Vijay, Thanks for your review!
Whether the document should say "SHOULD NOT", "MUST NOT", or possibly something else (such as "MAY") was discussed extensively in TLS WG (in fact, this was the *only* part of the document that was discussed), and the WG settled for "SHOULD NOT". I'm not going to summarize the whole discussion (if you're interested, see TLS WG mailing list, Nov 2007..Feb 2008 and May..June 2008), but existing implementations were certainly one consideration. Another reason was that RFC 2119 recommends using "MUST" sparingly. Especially for IDEA, it was thought that totally prohibiting its use would require much stronger reasons than "it hasn't been widely used in TLS" (unlike for single-DES, there are currently no known practical attacks against IDEA, and it is actually used in real world with some other protocols than TLS). Best regards, Pasi > -----Original Message----- > From: Vijay K. Gurbani > Sent: 11 November, 2008 21:22 > To: Eronen Pasi (Nokia-NRC/Helsinki) > Cc: General Area Review Team; [EMAIL PROTECTED]; Eric Rescorla > Subject: [Gen-art] Gen-ART review of draft-ietf-tls-des-idea-02.txt > > I have been selected as the General Area Review Team (Gen-ART) > reviewer for this draft (for background on Gen-ART, please see > http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). > > Please wait for direction from your document shepherd > or AD before posting a new version of the draft. > > Document: draft-ietf-tls-des-idea-02.txt > Reviewer: Vijay K. Gurbani > Review Date: 11 Nov. 2008 > IETF LC End Date: 17 Nov. 2008 > IESG Telechat date: unknown > > Summary: This draft is ready for publication as an Informational. > > One question I had was that since the draft is deprecating DES > and IDEA beyond TLS 1.2, why the normative strength of SHOULD NOT > in S4.1 and S4.2 (versus MUST NOT)? > > Is that because existing products will not, in all probability, > rip out code for DES and IDEA if already implemented? > > If so, does it make sense to say that new TLS implementations > MUST NOT implement DES and IDEA but existing ones SHOULD > consider removing these cipher suites for all the reasons given > in S4.1 and S4.2? > > Thanks, > > - vijay > -- > Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent > 1960 Lucent Lane, Rm. 9C-533, Naperville, Illinois 60566 (USA) > Email: [EMAIL PROTECTED],bell-labs.com,acm.org} > WWW: http://www.alcatel-lucent.com/bell-labs > _______________________________________________ > Gen-art mailing list > Gen-art@ietf.org > https://www.ietf.org/mailman/listinfo/gen-art > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
