> On 30 Mar 2016, at 7:05 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> 
> On Wed 2016-03-30 11:33:09 -0400, Benjamin Kaduk wrote:
>> I am not sure that we want to be in the business of explicitly marking
>> things as insecure other than our own RFCs, though -- there could be an
>> implication of more review than is actually the case, which is what this
>> proposal is trying to get rid of.
> 
> I think i agree with Ben here: if we have a tri-state:
> approved/not-approved/known-bad, then the people will infer that the
> not-approved ciphersuites are better than the known-bad ones, which
> isn't necessarily the case.
> 
> I think i'd rather see it stay at "approved/not-approved"

+1

Nothing will ever be marked as known-bad unless it’s in widespread use. 
Nobody’s ever going to write a die-die-die document for some homebrew cipher or 
even for a national cipher unless something really spectacular happens. I’d 
rather not have them marked as “neutral”, which implies they are better than 
RC4’s “known-bad”. 

Besides, what about 3DES? For limited amounts of data it works perfectly fine 
if you follow all the CBC caveats, but with high-speed high-volume connections, 
you’ll have to rekey often. And there are faster, better alternatives. Do we 
mark it as “known-bad”? It’s certainly not broken the way RC4 is. I’d rather we 
not go there.

Yoav
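The 3DES point above (fine for limited data, but high-volume connections must rekey often) comes from the 64-bit block size: in CBC mode, once two ciphertext blocks collide, the XOR of the corresponding plaintext blocks leaks, and by the birthday bound a collision becomes likely after roughly 2^32 blocks. The following script is an added example, not part of the thread; it computes how much data a connection may send under a chosen collision-probability budget for a 64-bit block cipher (3DES) versus a 128-bit one (AES), and how quickly that budget is exhausted at a given link speed. The budget of 2^-20 and the throughput figures are illustrative assumptions, not values from the list discussion.

```python
import math

# Birthday-bound estimate: after q blocks of an n-bit block cipher in CBC mode,
# P(some two ciphertext blocks collide) ~= q^2 / 2^(n+1).
# Collision probability budgets are expressed as powers of two (2^prob_exponent)
# so that all arithmetic stays exact in Python integers.

def max_blocks(block_bits: int, prob_exponent: int) -> int:
    """Largest q such that q^2 / 2^(block_bits+1) <= 2^prob_exponent."""
    assert prob_exponent <= 0 and block_bits + 1 + prob_exponent >= 0
    # q^2 <= 2^(n+1) * 2^e  <=>  q <= floor(sqrt(2^(n+1+e)))
    return math.isqrt(2 ** (block_bits + 1 + prob_exponent))

def rekey_budget_bytes(block_bits: int, prob_exponent: int) -> int:
    """Bytes that may be encrypted under one key before the budget is exceeded."""
    return max_blocks(block_bits, prob_exponent) * (block_bits // 8)

def seconds_until_rekey(block_bits: int, prob_exponent: int,
                        throughput_bits_per_s: float) -> float:
    """How long a link running flat out can use one key within the budget."""
    bytes_per_s = throughput_bits_per_s / 8.0
    return rekey_budget_bytes(block_bits, prob_exponent) / bytes_per_s

CIPHERS = {"3DES (64-bit block)": 64, "AES (128-bit block)": 128}

def compare(prob_exponent: int = -20) -> dict:
    """Per-cipher budget in bytes and time-to-rekey at 1 Gbit/s and 10 Gbit/s
    (constructed, illustrative link speeds)."""
    out = {}
    for name, n in CIPHERS.items():
        out[name] = {
            "bytes": rekey_budget_bytes(n, prob_exponent),
            "sec_at_1gbps": seconds_until_rekey(n, prob_exponent, 1e9),
            "sec_at_10gbps": seconds_until_rekey(n, prob_exponent, 1e10),
        }
    return out

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name}: {row['bytes']:.3e} bytes per key, "
              f"{row['sec_at_1gbps']:.3g} s at 1 Gbit/s, "
              f"{row['sec_at_10gbps']:.3g} s at 10 Gbit/s")
```

With a 2^-20 budget, 3DES gets on the order of 47 MB per key, which a 1 Gbit/s link exhausts in well under a second, while AES gets on the order of 10^17 bytes; that gap is the practical difference between "works fine for limited data" and "you'll have to rekey often".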

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
