Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org> Subject: Protocol Action: 'Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms' to Best Current Practice (draft-iab-crypto-alg-agility-08.txt) The IESG has approved the following document: - 'Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms' (draft-iab-crypto-alg-agility-08.txt) as Best Current Practice This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Stephen Farrell. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-iab-crypto-alg-agility/
Technical Summary Many IETF protocols use cryptographic algorithms to provide confidentiality, integrity, authentication or digital signature. Communicating peers must support a common set of cryptographic algorithms for these mechanisms to work properly. This memo provides guidelines to ensure that protocols can easily migrate from one algorithm suite to another one over time. Working Group Summary This document was not produced by any IETF WG. It was started by the IAB, was then presented at saag (some time back) where people wanted it to be an IETF stream RFC. After that it was extensively discussed on the SAAG mail list. There are a few comments [12,3] that got sent only to the saag list that have yet to be checked, the author will handle those and may issue another revision. Any diff is expected to be minor.  https://www.ietf.org/mail-archive/web/saag/current/msg06373.html  https://www.ietf.org/mail-archive/web/saag/current/msg06381.html  https://www.ietf.org/mail-archive/web/saag/current/msg06438.html Document Quality This document has been extensively discussed on the SAAG mail list as well as in the IAB program on privacy and security. It represents the rough consensus from those discussions. Personnel The document shepherd is Ted Hardie, irresponsible AD is Stephen Farrell.