I believe this plan would have poor side effects. For example, if Apple ships clients with a broken ECDSA implementation [0], a server cannot detect detect if a connecting client is an Apple product and avoid the use of ECDSA in that subset of connections. Instead, ECDSA suddenly becomes unsafe for anyone to use anywhere.
[0]: https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d On Thu, Aug 8, 2013 at 10:30 PM, Brian Smith <br...@briansmith.org> wrote: > Please see https://briansmith.org/browser-ciphersuites-01.html > > First, this is a proposal to change the set of sequence of ciphersuites > that Firefox offers. Secondly, this is an invitation for other browser > makers to adopt the same sequence of ciphersuites to maximize > interoperability, to minimize fingerprinting, and ultimately to make > server-side software developers and system administrators' jobs easier. > > Suggestions for improvements are encouraged. > > Cheers, > Brian > -- > Mozilla Networking/Crypto/Security (Necko/NSS/PSM) > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
