Hi Leif,

On 18/02/2015 10:45, Leif Johansson wrote:
> On 02/17/2015 08:49 PM, Alissa Cooper wrote:
>
> [snip]
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> Thanks for all your work on this.
>>
>> I have a quick question about how we expect this document to be used
>> within the IETF. I note that the bulk of the requirements/recommendations
>> are directed at implementers, not protocol designers/specs. And Section
>> 4.2.1 also says:
>>
>> "This document does not change the mandatory-to-implement TLS cipher
>>     suite(s) prescribed by TLS or application protocols using TLS. ...
>>     Implementers should consider the interoperability gain against the
>>     loss in security when deploying that cipher suite.  Other application
>>     protocols specify other cipher suites as mandatory to implement
>>     (MTI)."
>>
>> So my question is whether we should consider this document effectively
>> silent about the choice of cipher suites to be used when we standardize a
>> new application protocol in the IETF, or an update to an existing
>> protocol. That is the impression that I get from the text right now, and
>> it doesn't quite match the way we've been using/citing the document in
>> some recent discussions of other drafts. On the other hand, if we're
>> expecting new or updated application protocol specs to conform to or take
>> into account the recommendations in this document, I think that should be
>> made more clear.
>
> I think there is a very clear difference between MTI and deployment
> best practice and the text above is trying to express that difference.
>
> I don't think UTA wants a piece of the action over at CFRG - that group
> doesn't need another set of "helpful" hands IMHO :-)

As a CFRG co-chair, I thank you for not trying to be "helpful" :-).

I think the difference is that UTA picks from documented ciphers, while CFRG might recommend new ones. So at least there is some logical separation of duties.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
