> You're still playing "my security level is bigger than yours". > There is no benefit in excluding RC4-SHA1 from the default list. > When servers support stronger algorithms, those will be negotiated.
But that is only true as long as there is no new attack which succesfully downgrades the cipher suite, i.e. something comparable to http://www.openssl.org/news/secadv_20101202.txt. And with all those successful attacks on SSL protocol that we have seen in the past years its overly optimistic to expect to never see a "ciphersuite downgrade reloaded", IMHO. And if that happens you are faced with a choice of either "raising the floor" (as you called it so graphically) "immediately" or leaving "everyone" exposed for the possibly not so short time it takes to develop a fix. To me, carefully starting to drop "outdated"/"weak" ciphersuites, so "early adaptors" can test and provide feedback (both asking the communication partner to upgrade their software and giving feedback on how usable the new policy already is) seems vastly preferable to having to do the same "all at once" while being under attack. Of course, if everybody is sure that such an attack will never happen (again), then there is no point in ever going to the trouble of "raising the floor". Best Regards, Stefan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
