I don't see where 3DES is recommended. Do you mean this:
(even if they advertise more bits, such as the 168-bit 3DES cipher suites)
Perhaps change it to "such as AES256"?
> There are many things in the TLS BCP which cannot really be construed as a
> "best" practice since they are largely in there for interoperability.
Reaching the widest possible audience is often an explicit goal and a trade-off
against always being at the best security level. I think if you have some
specific issues, it would be good to edit the rationale to say "only for
interoperability" or something like that.
I think almost every section should have a rationale. For example, 3.5 could
say "because it's at the wrong layer and has been the subject of security
weaknesses" :)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: [email protected]; Twitter: RichSalz
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta