Re: "Recommended" is a bad word :)

Rich,

I was looking for some middle ground between your proposal and Ryan's
rather strongly-worded objections. An "example" is by definition just one
item taken from a larger list, so there is no danger of a list of examples
being taken as exhaustive.

I personally think Ryan's concerns are perhaps a little overstated, so that
is why I was wondering aloud about middle ground.

...Mark


On Tue, May 13, 2014 at 8:00 AM, Salz, Rich <rsalz@akamai.com> wrote:

> > Would it help to augment the existing warning text cited by Vijay with
> some _examples_ of published attacks / weaknesses for some of the
> algorithms ?
>
>
>
> How does that not run into the same concern about being taken as a
> comprehensive warning?  Is “For example, …” considered that much less
> compelling? As for examples, just read the titles in the proposed security
> references section.
>
>
>
> > IIUC the concern with the proposed text is that it might give the
> impression we're providing exhaustive, up-to-date advice and that we have
> some agreed yardstick by which to measure whether a given algorithm should
> get a thumbs up or thumbs down.
>
>
>
> There will never be exhaustive, up-to-date advice. Given that truism, what
> do you do?  That’s a real question. And as for the yardstick, you’ve got a
> list of open references, and the original CFRG/Paterson et al email message
> gave a summary.
>
> --
>
> Principal Security Engineer
>
> Akamai Technologies, Cambridge, MA
>
> IM: rsalz@jabber.me; Twitter: RichSalz
>

Received on Tuesday, 13 May 2014 15:11:53 UTC