Ø The BCP only prohibits use of RC4 DES and 40bit crypto. As it stands now, use of 3DES is allowed as a “best” practice.
Ah, “what’s not denied is permitted” vs “what’s not permitted is denied” Ø What I am suggesting is that we should correctly call out its use is really a minimal practice to distinguish it from other more worthy practices. The motivation is to form the basis for encouraging movement towards what really is a best practice in a form the application would be able to consume. Yes, I’d agree. -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: [email protected]<mailto:[email protected]>; Twitter: RichSalz
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
