Hi,

On 2 Dec 2014, at 17:55, Yaron Sheffer <[email protected]> wrote:
>>>>>>> This document is not an application profile standard, in the sense of
>>>>>>> Section 9 of [RFC5246]. As a result, clients and servers are still
>>>>>>> REQUIRED to support the mandatory TLS cipher suite,
>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA.
>>>>>>
>>>>>> A BCP defining cipher suite recommendations should not have a higher
>>>>>> level of requirement for TLS_RSA_WITH_AES_128_CBC_SHA than it has for
>>>>>> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, at least. I think it is OK to just
>>>>>> say that the TLS specification was wrong to mandate
>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA, or don't mention it at all.
>>>>>
>>>>> I don't know if RFC 5246 was *wrong*, but the situation on the ground has
>>>>> changed since 2008.
>>>>
>>>> I was wondering about the above as well. I think your document is updating
>>>> MTI or at least narrowing down recommended choices, and CBC_SHA is not one
>>>> of them. So deleting the two sentences quoted above is the best.
>>>
>>> And in fact the text currently says:
>>>
>>> This document is not an application profile standard, in the sense of
>>> Section 9 of [RFC5246]. As a result, clients and servers are still
>>> REQUIRED to support the mandatory TLS cipher suite,
>>> TLS_RSA_WITH_AES_128_CBC_SHA.
>>>
>>> So I'd agree with Yaron here.
>>
>> IMHO, a distinction without a difference. Anybody complying with your spec
>> will need to implement a larger set of ciphers, so you are effectively
>> extending the MTI list.
>>
>> Which reminds me of something else: some application protocols specify
>> explicit MTI TLS ciphers, which are different from the above. So now that I
>> thought about that, I really dislike the paragraph you quoted above. So
>> maybe change it to something more neutral:
>>
>> This document doesn't change mandatory-to-implement TLS cipher suite(s)
>> prescribed by TLS and application protocols using TLS.
>>
>> But I would rather drop the whole paragraph, as it weakens the whole
>> document.
>
> I think we should be explicit about the cipher suite, even if we dislike it.
> So how about:
>
> This document doesn't change mandatory-to-implement TLS cipher suite(s)
> prescribed by TLS and application protocols using TLS. To maximize
> interoperability, RFC 5246 REQUIRES implementation of the
> TLS_RSA_WITH_AES_128_CBC_SHA cipher suite, which is significantly weaker than
> the cipher suites recommended here. Implementers should consider the
> interoperability gain against the loss in security when deploying this cipher
> suite. Other application protocols specify other cipher suites as mandatory
> to implement (MTI).

This is much better, thank you!
