Hi Uta folks,
I strongly believe that BCP needs to include alternative algorithms - with different design policy from algorithm which your I-D recommends - which are widely implemented - which are internationally standardized Because when protocols depend on single primitive and vulnerability related to the primitive is found it takes a lot of time to migrate from insecure primitive to secure one. In fact, as TLS-BCP draft says several stronger cipher suites are available only with TLS 1.2 and it will take a lot of time for migration. Alternative algorithms are countermeasure against it. Furthermore, it is better that TLS-BCP draft deals with vulnerability taking alternative algorithm into consideration when vulnerability is found. So the concept of alternative algorithm is suitable for TLS-BCP draft. Welcome to your comments and suggestions. Best, Kohei KASAMATSU _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
