On 25/08/2015 15:11 pm, Kyle Rose wrote:
into the reality of comparing ciphersuites justifies exposing all
possible ciphersuites, and permitting specifying arbitrary preferences
among them?
The preferences of others are "arbitrary" but yours are not?
Touché.
Arbitrary is fair enough. The experiences out in sysadmland support
that (cite https://bettercrypto.org/ ).
I don't hear a lot of opposition to maintaining agility in ciphersuite
preference.
<cough> It was discussed about 6 months to a year ago.
The alternate -- loosely known as 1TCS or one true cipher suite -- has
been proposed on the basis that if it is ever going to be useful, then
the place it will be most useful is TCPINC. Because TCPINC is MITMable
anyway, why worry so much about the purported benefits of algorithmic
agility?
However basic IETF consensus or practice is that protocols maintain
agility, and there is a coming draft on that.
I am personally in favor of keeping some mechanism
(whether this one or a different one) in place for that purpose,
because it provides much more flexibility than it requires complexity.
Kyle
iang
_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
