On 27/02/17 23:06, James Yonan wrote:
> On 25/02/2017 08:40, Steffan Karger wrote:
[...snip...]
>> I'd say so. Something like:
>>
>> legacy:  RSA 1024+, SHA1+, all curves
>> default: RSA 2048+, SHA2+, all curves
>> suiteb:  no RSA, SHA256/SHA384, P-256/P-384
>>
>> As long as we kick anything that's deprecated out of 'default', that
>> should probably suffice.
>
> That sounds good, but I'm thinking that we should probably name
> "default" something else, such as "standard", so there's no confusion
> between the cert profile name, and which cert profile is chosen by
> default which may vary according to app preferences/settings.
>
> For example in mobile clients, we would probably need an app-level
> setting to indicate whether "legacy" or "standard" should be the
> default, but that would be confusing if "default" was actually a profile
> name.

There's a narrow edge here before it becomes bike-shedding; I do try to
avoid that ... but what about: legacy, preferred and suiteb?

"Standard" just sounds a bit too static to me, that is not something
which changes much. So in 5 or 10 years from now, "standard" may just
as much be "legacy". Hence my suggestion for "preferred"; this is what
we prefer now. "legacy" is what we used and can even include what we
preferred earlier.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel