Hello, I went through some discussions on null ciphers and didn't see this, my apologies if this view has already been covered: There are cases where you either can't (due to legal reasons) or don't want to (performance reasons) encrypt, but would still like to have integrity protection and be certain you are talking to the right party.
One example of a legal reason is amateur radio, which by definition in most jurisdictions requires plaintext communications, but allows integrity protection and authentication. Granted this is a tiny minority of TLS users and use, but I don't really see much harm in keeping null ciphers in play. Turning the knobs by default to positions that don't allow null is fine, but the users should be able to turn those knobs into other positions if they want to. So the draft-ietf-uta-tls-bcp-08 section 4.1 first MUST NOT would in my view be better as SHOULD NOT, with a rationale acknowledging those cases where you don't want or can't have confidentiality. If you want to keep the MUST NOT wording, at least add a few words to the rationale section explaining the above exceptions. This way those software authors that read the BCP might make an informed choice and let the users turn on null ciphers themselves if they want to. Tapio _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
