The UK and the EU agreed on negotiations over a trade agreement on December 24, 2020 (local time), a week before the end of the grace period. However, it was pointed out that 23 years ago software such as Netscape Communicator and Mozilla Mail were designated as recommended environments in the section on document encryption technology of this agreement.
These software designations are described in documents specifying a set of cryptographic protocols to be used when exchanging messages containing DNA profile information, etc. between the UK and the EU. Even in the designation of encryption algorithms, technical specifications that are not suitable for weak practical use such as 1024-bit RSA or SHA-1 are included in the hash algorithm.
Reports point out that this technology is also found in EU documents in 2008, so it is possible that the old documents may have been reused while hastily sorted out this large 1,256-page agreement. One expert said it seemed to simply copy-paste the old standards and the technical details were barely understood. “Sha-1 and 1024-bit RSA were solid choices 10 years ago, but they do not fall short of the current standard security level.” I am introducing.
Indeed, this document will have little impact on the main day-to-day operations of the EU and the UK. Software such as Netscape Communicator and Mozilla Mail are just mentioned as examples of software that support the necessary encryption. In other words, if you are using software that is more secure than what is written in this document, there is no problem.
However, for encryption algorithms, if the technology appropriate for the times is not clearly specified, it is considered that document modification is also necessary because it can be operated in a state of vulnerability at the current security level. Related information can be found here .