Ralph Holz <ralph-cryptometz...@ralphholz.de> writes: >I've followed that list for a while. What I find weird is that there should >be much dissent at all. This is about increasing security based on adding >quite well-understood mechanisms. What's to be so opposed to there?
There wasn't really much dissent (there was some discussion, both on and off- list, which I've tried to address in updates of the draft), it's just that the WG chairs don't seem to want to move on it. >Does adding some ciphersuites really require an extension, maybe even on the >Standards Track? I shouldn't think so, looking at the RFCs that already do >this, e.g. RFC 5289 for AES-GCM. Just go for an Informational. FWIW, even >HTTPS is Informational. I've heard from implementers at Large Organisations that having it non- standards-track makes it hard to get it adopted there. I guess I could go for Informational if all else fails. >I don't think it hurts to let users and operators vote with their feet here. That's what's already happened/happening, problem is that without an RFC to nail down at least the extension ID it's a bit hard for commercial vendors to commit to it. Peter. _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography