Re: I-D ACTION:draft-ietf-sip-smime-aes-00.txt

----- Original Message -----
From: "Russ Housley" <housley <at> vigilsec.com>
To: "Peterson, Jon" <jon.peterson <at> neustar.biz>
Cc: <ietf-smime <at> imc.org>
Sent: Tuesday, March 11, 2003 7:28 AM
Subject: RE: I-D ACTION:draft-ietf-sip-smime-aes-00.txt

> Jon:
>
> CMS no longer includes any mandatory to implement algorithms.  This was
> done so that each application could assign the best algorithms for their
> environment.
>
> For S/MIME version 3.1, the mandatory to implement encryption algorithm is
> Triple-DES.  I do not expect this to change.  However, there has been
> discussion about making AES a SHOULD implement algorithm.  The "Use of AES
> with CMS" specification is finally nearly finished.  This is intended to
> send a message to implementors that AES will probably become a MUST
> implement algorithm in the future.  At that time, AES would become MUST
and
> Triple-DES would become SHOULD (to preserve interoperability with old
> algorithms).

Is backwards interoperability considered a SHOULD? I would think that it's
important enough to make it a MUST (at least for decryption of old
messages).

Enzo