On Tue, Oct 14, 2014 at 10:52:58PM +0000, Orit Levin (LCA) wrote:

> > > I agree we SHOULD tone down a few of the requirements, to make sure we do
> > > accommodate the opportunistic use case.
>
> It would be unfortunate to simply tone the recommendations down and lose
> the edge of the whole BCP.

I agree, I'd prefer to qualify the recommendations in such a way
that the various MUST NOTs continue to apply to authenticated TLS
connections that are expected to resist active attacks.

When TLS is used in a manner that protects only against passive
attacks and is vulnerable to many more active attacks than just
those addressed by the BCP, the requirement can be softened to
using the weaker algorithms only as a last resort, choosing stronger
options whenever possible.  Such clients MAY employ weaker algorithms
only when they might otherwise resort to cleartext if no shared
algorithms are negotiated.

[ Of course even if a TLS client carefully arranges to list weaker
  algorithms at a low preference, a non-compliant server might
  preempt the client's preference and specifically select the weaker
  option, even though it supports stronger options.  There's not
  much we can do about that, servers need to also adopt the BCP
  recommendations. ]

> Viktor, could you, please, make a list of ALL places, where the current
> wording might not work for opportunistic deployments?

Sure, I'll post a separate message with detailed comments.

-- 
        Viktor.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
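
The preference-ordering point and the bracketed caveat about a server preempting the client's order, as an added example that is not part of the original message: a small Python model of cipher-suite selection with a client-side audit of the outcome. The suite names, the STRENGTH ranking and the WEAK_BELOW threshold are assumptions chosen for illustration.

```python
# Constructed model of TLS cipher-suite selection; suite names and the
# STRENGTH ranking are illustrative assumptions, not taken from the thread.
STRENGTH = {
    "ECDHE-RSA-AES256-GCM-SHA384": 3,
    "ECDHE-RSA-AES128-GCM-SHA256": 3,
    "AES128-SHA": 2,
    "RC4-SHA": 1,  # stand-in for a "weaker algorithm" kept as a last resort
}
WEAK_BELOW = 2  # hypothetical threshold: ranks below this count as weak


def opportunistic_offer(supported):
    """Order the client's offer strongest first, so weak suites come last."""
    # sorted() is stable, so equally ranked suites keep the caller's order.
    return sorted(supported, key=lambda s: -STRENGTH[s])


def negotiate(client_offer, server_prefs, server_honors_client_order):
    """Return the selected suite, or None when nothing is shared."""
    if server_honors_client_order:
        order, other = client_offer, set(server_prefs)
    else:
        order, other = server_prefs, set(client_offer)
    return next((s for s in order if s in other), None)


def audit(client_offer, server_prefs, selected):
    """Classify a handshake outcome from the client's point of view."""
    if selected is None:
        return "no-shared-suite"  # the case where cleartext is the alternative
    shared = [s for s in client_offer if s in set(server_prefs)]
    best = max(STRENGTH[s] for s in shared)
    if STRENGTH[selected] < best:
        return "server-preempted"  # a stronger shared suite was available
    if STRENGTH[selected] < WEAK_BELOW:
        return "weak-last-resort"  # weak, but nothing stronger was shared
    return "ok"


# Constructed sample peers.
CLIENT = opportunistic_offer(
    ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"])
PREEMPTING_SERVER = ["RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
LEGACY_SERVER = ["RC4-SHA"]

if __name__ == "__main__":
    for name, prefs, honors in [("preempting", PREEMPTING_SERVER, False),
                                ("compliant", PREEMPTING_SERVER, True),
                                ("legacy", LEGACY_SERVER, True)]:
        chosen = negotiate(CLIENT, prefs, honors)
        print(name, chosen, audit(CLIENT, prefs, chosen))
```

A "server-preempted" result is the situation the bracketed note describes: the client ordered its list correctly and the weak suite was still selected.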
