Hi all,

one option that was not voted on today (and that I would like the WG to consider) is the possibility for this work to be an Informational RFC rather than a WG item.

I say this because, as presented, this work seems to be a collection of "workarounds" that browsers implement to keep working with buggy implementations of TLS. The concern about this being a WG item is that (as mentioned in the slides) this MIGHT promote not-upgrading (web) servers since clients keep working anyway.

In the browsers' world, the pressure not to lose users (since they - the users - do not really care about security nor understand the consequences of using broken/superseded crypto) pushes vendors to try every possible way to get the data to the user, even if that might compromise the security by using less secure/buggy/superseded protocols.

Although I think it is useful and important to document what browsers do, I think that we definitely do not want to encourage this type of behavior (e.g. in the MTA/MUA) for other applications.

I think that this document might be useful for understanding better how to design future versions of TLS so that documents like this will not be needed anymore. For these reasons, I would vote for it to be informational rather than a WG item.

Just my 2 cents...

Cheers,
Max

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
