On 10/15/14, 4:28 AM, Ralph Holz wrote:
Hi,Anyway. Splitting parts of the document for 'opportunistic'/protocol specific makes sense, I agree. My hope is that this does not make the document confusing to readers - splitting this into two documents would be even more aweful. At this stage, with exceptions already made for scenarios that do not need encryption, and some attempts already made to accomodate OE/OS - I have serious concerns that adding more exceptions, and here even regular ones for almost every single point!, will lead to a BCP that is horrible to read and will thus be mostly ignored.
I totally agree.
I'd favour a solution where we do not accomodate OE/OS at every turn. Consider the practical impact and what we want to achieve with this BCP: the idea is to make the Internet (= mostly HTTP) a safer place. If people take note of the BCP, and implement the recommendations, even OE/OS would benefit from it as there is no need to fall back to things like RC4. If we add exceptions at every turn, however, we will simply lose people who won't bother with the BCP. I wouldn't. I know I may be in a minority here. But, to be clear, I favour declaring OE/OS out of scope and defer it to another document - keep this BCP clear, simple, and applicable to a still wide range of use cases.
A big +1. Peter -- Peter Saint-Andre https://andyet.com/ _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
