[Cryptography] New IETF draft on proposed best practices -- feedback wanted
Salz, Rich
rsalz at akamai.com
Thu Mar 24 00:05:54 EDT 2016
"No Mandatory to Implement crypto without public review"
Cryptography is becoming more important to the IETF and its
protocols, and more IETF protocols are using, or looking at,
cryptography to increase privacy on the Internet [RFC7258].
This document specifies a proposed best practice for any protocol (or
data format) that uses cryptography. Namely, that such RFCs cannot
specify an algorithm as mandatory-to-implement (MTI) unless that
algorithm has had reasonable public review. This document also
"sketches out" a rough definition around what such a review would
look like.
Current official version here: https://tools.ietf.org/html/draft-rsalz-drbg-speck-wap-wep-00
Open development/writing here: https://github.com/richsalz/draft-rsalz-dbrg-speck-wap-wep
Email for discussion here: saag at ietf.org (might have to join to post, else wait for a moderator to approve you)
--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz
More information about the cryptography
mailing list