Skip to main content

Selection of Future Cryptographic Standards

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors David McGrew , Anthony Grieco , Yaron Sheffer
Last updated 2013-07-29 (Latest revision 2013-01-25)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The Advanced Encryption Standard (AES) is extensively used and is widely believed to provide security that is more than adequate. Several other cipher designs have been proposed for use in standards, and new designs continue to be developed, while consideration of cost and complexity impels that the number of mandatory-to-implement ciphers be minimized. This note outlines an approach to the selection of cryptographic algorithms that best serves the needs of the users of cryptography: AES should continue in its role as the mandatory-to-implement cipher, while other cipher designs should be reviewed with the goal of selecting a single standby cipher. If future advances in the science of cryptanalysis uncover security issues with the AES, the standby cipher will be ready for adoption as its replacement.


David McGrew
Anthony Grieco
Yaron Sheffer

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)