On 2014-08-28 12:27, Stephen Farrell wrote:
>
> Hiya,
>
> Having had this discussion a few times over the last
> couple of years my take on it is:
>
> - there is some but not huge interest a backup cipher
> for AES and the interest-level varies by protocol
> as do the set of possible backups
>
> - we are very unlikely to get an easy consensus on which
> to pick, or how to pick (has been tried in both SAAG
> and CFRG without success), as a generic backup
>
> - picking a cipher is not a UTA thing, and not the same
> as picking a TLS ciphersuite, which can be a UTA thing
>
> - while Camellia ciphersuites exist, chacha20 ciphersuites
> seem like they are also getting traction as an
> alternative to AES when one doesn't have AES h/w, but
> its too soon to tell maybe - if that happened, then there
> is also a reason to support chacha20 in addition to it
> being a backup to AES. And 2 reasons are way better
> than one here.
>
> I conclude that UTA should not be in the business of
> trying to decide which cipher might be a good backup
> for AES.
>
> And since TLS ciphersuites are in flux, with RC4 on
> the way out and (apparently) chacha20 on the rise,
> this isn't the right time for UTA to pick another
> ciphersuite as a backup in case of problems with AES.
>
Thank you Stephen. I agree with your observations and this last point in
particular makes me believe this is out of scope for the BCP draft.
Since there are few (if any) voices in support of backup suites in UTA
the WG seem to agree with you too.
Cheers Leif
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
