Document: draft-ietf-tls-des-idea-02.txt
Reviewer: Vijay K. Gurbani
Review Date: 11 Nov. 2008
IETF LC End Date: 17 Nov. 2008
IESG Telechat date: unknown

Summary: This draft is ready for publication as an Informational.

One question I had was that since the draft is deprecating DES and IDEA beyond TLS 1.2, why the normative strength of SHOULD NOT in S4.1 and S4.2 (versus MUST NOT)? Is that because existing products will not, in all probability, rip out code for DES and IDEA if already implemented? If so, does it make sense to say that new TLS implementations MUST NOT implement DES and IDEA but existing ones SHOULD consider removing these cipher suites for all the reasons given in S4.1 and S4.2?