[saag] Algorithms/modes requested by users/customers
Randall Atkinson
rja at extremenetworks.com
Sat Feb 16 18:42:57 EST 2008
Earlier, someone said:
% I think it would help enormously if we had some sort of
% cross IETF statement of the set of algorithms that are
% currently the consensus recommendations for support.
I will answer a slightly different question. For the question:
"What algorithms/modes are most paying customers asking for ?"
the answers turn out to be:
1) NIST FIPS-140 conforming algorithms/modes.
and
2) Suite-B conforming algorithms/modes.
Approximately speaking, (2) above is a subset of (1) above.
The IETF might make some different decision than those,
but equipment vendors will have to implement (1) or (2)
to please most commercial users (e.g. banks, insurance firms,
stock brokerages/markets, top international commercial
firms in other areas). So whether or not these are specified
by IETF on the standards-track, there is interoperability value
in having open specifications (e.g. Informational RFC would
do quite nicely) for (1) and (2) for nearly any Internet-related
protocol using cryptography.
This seems to be driven externally by insurance firms that tell
their customers to only use equipment whose cryptographic
subsystems/modules have been (or are going to be) evaluated
formally under FIPS-140.
And I'll note that this are not really driven particularly by US firms.
European, Asia/Pacific, and Latin American firms are making the
exact same requests for FIPS-140 of their equipment vendors.
Yours,
Ran
rja at extremenetworks.com
More information about the saag
mailing list