(with no hats, except the one irritated with loadsa ciphersuites:-)

On 30/03/16 21:26, Yoav Nir wrote:
> That brings up another question. How do things move from “approved”
> to “not-approved”? Does it require a diediedie document? What
> happens when we decide that 3DES is just too limited and there’s not
> good reason to use it, but there’s really no security issue with
> using it?

How about starting from the smallest possible set with "Y" in the IETF recommended column? And then focus on keeping that set as small as possible and actively not letting it grow.

Let's *pretty please* take this opportunity to prune the stupid list of nearly 350 all ostensibly but so not equal ciphersuites down to the smallest list that can reasonably be recommended. Measurements seem to have indicated that just a handful is all that really needs to be very widely supported.

That will require folks here to not mess about and to resist the set of people who want ciphersuite foo because it's important to just them and a few others. Remember: Sean's proposed text is to limit the "Y" to stuff that we do expect to, and want to, see widely or very widely implemented and deployed.

If this WG fail to take this opportunity to fix the 350 ciphersuite stupidity then that'll be a pretty clear fail in which we'll all (me included) have sadly partaken. Let's fix that eh?

S.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
