Paul Wouters has entered the following ballot position for
draft-ietf-uta-ciphersuites-in-sec-syslog-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-uta-ciphersuites-in-sec-syslog/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

While the document states why it wants to SHOULD NOT
TLS_RSA_WITH_AES_128_CBC_SHA, I would like to at least have a brief discussion
on whether this is a proper migration path. Why not offer both old and new,
with a MUST prefer the new? That seems a more viable realistic migration path
to me.

There are numerous statements that TLS_RSA_WITH_AES_128_CBC_SHA is "weak" or
"insecure". As far as I know, these are a bit of an exaggeration? I think a
better description could be made to explain why we want to move away from
non-AEAD with SHA1.





_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
