OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

office message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [office] Default encryption algorithm concerns

On 11 May 2010 19:11, Hanssens Bart <Bart.Hanssens@fedict.be> wrote:
> Rob,
>
> +1 on AES (See also OFFICE-2264 :-) and SHA-2
>
> Nothing wrong with Blowfish AFAIK, but security policies probably mandate
> the use of AES

No, nothing wrong with blowfish.  And its on the approved list of the
South African Government Minimum Interoperability Standard.  But I
guess AES is more widely approved.

Regards
Bob

>
>> I don't think we want to require that package producers support the legacy
>> method, especially if it is known to be weak.  So I suggest eliminating
>> that bullet paragraph altogether, or require the use of SHA2/AES128 if
>> there is consensus to have that be the "default" algorithm
>
> Best regards,
>
> Bart
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]