[Cryptography] New IETF draft on proposed best practices -- feedback wanted

Salz, Rich rsalz at akamai.com
Thu Mar 24 00:05:54 EDT 2016

"No Mandatory to Implement crypto without public review"

   Cryptography is becoming more important to the IETF and its
   protocols, and more IETF protocols are using, or looking at,
   cryptography to increase privacy on the Internet [RFC7258].

   This document specifies a proposed best practice for any protocol (or
   data format) that uses cryptography.  Namely, that such RFCs cannot
   specify an algorithm as mandatory-to-implement (MTI) unless that
   algorithm has had reasonable public review.  This document also
   "sketches out" a rough definition around what such a review would
   look like.

Current official version here: https://tools.ietf.org/html/draft-rsalz-drbg-speck-wap-wep-00 
Open development/writing here: https://github.com/richsalz/draft-rsalz-dbrg-speck-wap-wep
Email for discussion here: saag at ietf.org (might have to join to post, else wait for a moderator to approve you)

Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

More information about the cryptography mailing list