The recurring theme regarding Opportunistic Encryption, unsurprisingly, appears to be that Best Current Practices can't always be enforced, because Mediocre Legacy Practices may be required for interoperability and still be better than nothing. So certainly for a BCP document, it appears to make the most sense to say that such OE use cases are out of scope.
I think it can still be useful to state that implementations going for OE should adhere to BCP whenever possible. The BCP document shouldn't go into the details (e.g., it's not the right place to put down a ranking of non-BCP cipher suites), but I think that mentioning some basic ideas non-normatively could still be useful. (Notably, clients and servers should prefer BCP-compliant cipher suites over legacy cipher suites.)

Bodo
_______________________________________________
Uta mailing list
https://www.ietf.org/mailman/listinfo/uta
