On 28-02-17 06:09, James Yonan wrote:
> On 27/02/2017 18:18, David Sommerseth wrote:
>
>> On 27/02/17 23:06, James Yonan wrote:
>>> On 25/02/2017 08:40, Steffan Karger wrote:
>> [...snip...]
>>>> I'd say so. Something like:
>>>>
>>>> legacy: RSA 1024+, SHA1+, all curves
>>>> default: RSA 2048+, SHA2+, all curves
>>>> suiteb: no RSA, SHA256/SHA384, P-256/P-384
>>>>
>>>> As long as we kick anything that's deprecated out of 'default', that
>>>> should probably suffice.
>>> That sounds good, but I'm thinking that we should probably name
>>> "default" something else, such as "standard", so there's no confusion
>>> between the cert profile name, and which cert profile is chosen by
>>> default which may vary according to app preferences/settings.
>>>
>>> For example in mobile clients, we would probably need an app-level
>>> setting to indicate whether "legacy" or "standard" should be the
>>> default, but that would be confusing if "default" was actually a profile
>>> name.
>> There's a narrow edge here before it becomes bike-shedding; I do try to
>> avoid that ... but what about: legacy, preferred and suiteb ?
>>
>> "Standard" just sounds a bit too static to me, that is not something
>> which changes much. So in 5 or 10 years from now, "standard" may just
>> as much be "legacy". Hence my suggestion for "preferred"; this is what
>> we prefer now. "legacy" is what we used and can even include what we
>> preferred earlier.
>
> I'm okay with legacy, preferred and suiteb.

Me too.

-Steffan