Rich, I was looking for some middle ground between your proposal and Ryan's rather strongly-worded objections. An "example" is by definition just one item taken from a larger list, so there is no danger of a list of examples being taken as exhaustive. I personally think Ryan's concerns are perhaps a little overstated, so that is why I was wondering aloud about middle ground. ...Mark On Tue, May 13, 2014 at 8:00 AM, Salz, Rich <rsalz@akamai.com> wrote: > > Would it help to augment the existing warning text cited by Vijay with > some _examples_ of published attacks / weaknesses for some of the > algorithms ? > > > > How does that not run into the same concern about being taken as a > comprehensive warning? Is “For example, …” considered that much less > compelling? As for examples, just read the titles in the proposed security > references section. > > > > > IIUC the concern with the proposed text is that it might give the > impression we're providing exhaustive, up-to-date advice and that we have > some agreed yardstick by which to measure whether a given algorithm should > get a thumbs up or thumbs down. > > > > There will never be exhaustive, up-to-date advice. Given that truism, what > do you do? That’s a real question. And as for the yardstick, you’ve got a > list of open references, and the original CFRG/Paterson et al email message > gave a summary. > > -- > > Principal Security Engineer > > Akamai Technologies, Cambridge, MA > > IM: rsalz@jabber.me; Twitter: RichSalz >
Received on Tuesday, 13 May 2014 15:11:53 UTC