It would be simpler if we restate the minimum key size as MUST NOT negotiate a cipher size with a key strength < 112 bits.
There are inconsistencies between the discussion on cipher suites and the list of cipher suites. For example, the NULL, RSA_Export, DSS_Export, DES and RC4 cipher suites are not listed as MUST NOT. The 3DES cipher suites are not listed as SHOULD NOT. Ultimately the intent of the BCP is to influence the list of endorsed cipher suites, so the net result is a profile of cipher suites. In fact it would be cleaner to remove the keywords from the text descriptions and rationale on the changes and rely on the key words in a cipher suites list, as this is less ambiguous. We say we MUST support a cipher suite offering PFS but we don't list any as a MUST; this is an inconsistency which needs to be fixed.
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta
