Watson Ladd <[email protected]> writes: >> Such a linear ordering would be very hard to achieve, given that >> different parts of the world trust/mistrust different crypto algorithms. >> Even among cipher suites discussed so far, how would we order >> P-256/AES-128 vs. Curve25519/Chacha/Poly1305. The former set is better >> is the sense that it is more established. The latter is better in the >> sense that it is newer, potentially more efficient, and (for the >> paranoid) less tainted by government involvement. I think realistically >> the preference has to be left to the individual host configuration >> rather than the IETF. > > Let's consider what this actually means. Hosts that implement 1 of two > options because they don't trust the other one to provide adequate > security will not talk to the ones that make the wrong choice. Hosts > that implement both would be fine picking just one, in fact prefer it > as it reduces the amount of work they have to do. > > But by having ranking preferences, we're in fact saying "you would be > fine with picking one for improved interop, but we're going to force > you to make a choice that complicates your implementation, because we > assume you are an expert in cryptanalysis research and we are not". > Picking one suite that's widely acceptable is far better than > providing a smorgasbord.
Well, hypothetically, say the US prefers spec X and the EU prefers spec Y. The goal is that two hosts in the US would always choose spec X and two hosts in the EU would always chose spec Y. But when a host in the US communicates with a host in the EU, we don't really care as much--they could choose X or Y, so we might as well base it on the preferences of the passive opener. However, hard-coding the spec rankings risks delaying standardization to argue over which specs should take priority. David _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
