Watson Ladd <[email protected]> writes: > Suppose everyone behaves the way you suggest. How unhappy are they > with using X or Y? Clearly not very much: they were willing to use it > if the other side didn't want their preference.
Actually, people have *very* strong opinions about crypto and are willing to lobby pretty hard for particular algorithms and protocols. We should ensure such lobbying is directed towards OS vendors *after* TCP-ENO is standardized, not towards the working group beforehand (where it will further slow us down undermine TCP-ENO's goal of breaking the working group deadlock). > The result of wanting to support every possible combination of > preferences and admin interface is having dead options linger forever > as the sysadmins keep copypasta in config files alive forever. I'd > rather order my crypto from McSorley's. The fact that we have way too many encryption options floating around does not mean all ciphersuites can be strictly ordered by security, for the simple reason that nobody can predict the future. Cryptanalysis may alter the relative security of different algorithms at any time. Or some NIST scandal might erupt casting doubt on the design methodology of P-512 compared to the nominally weaker Curve25519. At such points, OS vendors need the ability to re-prioritize cipher suites without breaking backwards compatibility. David _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
