Hi Peter,

On 26 Nov 2014, at 03:38, Peter Saint-Andre - &yet <[email protected]> wrote:
>>> This document is not an application profile standard, in the sense of
>>> Section 9 of [RFC5246]. As a result, clients and servers are still
>>> REQUIRED to support the mandatory TLS cipher suite,
>>> TLS_RSA_WITH_AES_128_CBC_SHA.
>>
>> A BCP defining cipher suite recommendations should not have a higher
>> level of requirement for TLS_RSA_WITH_AES_128_CBC_SHA than it has for
>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, at least. I think it is OK to just
>> say that the TLS specification was wrong to mandate
>> TLS_RSA_WITH_AES_128_CBC_SHA, or don't mention it at all.
>
> I don't know if RFC 5246 was *wrong*, but the situation on the ground has
> changed since 2008.

I was wondering about the above as well. I think your document is updating MTI or at least narrowing down recommended choices, and CBC_SHA is not one of them. So deleting the two sentences quoted above is the best.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
