(Adding [email protected])
Me:
> CT should not be a special case exemption from the agility spec.
Ben:
> I think it should, and here's why: normally you want agility so endpoints can
> change their crypto in an orderly way, so as to phase out weak algorithms. In
> CT the endpoint is the enemy: you don't want it to be able to choose
> algorithms that suit it.
What is the endpoint? The log server? I don't understand the point.
And as I said, why can't you get the same effect with proper use of ALL CAPS
words in the RFC?
/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
