On Wed, Jul 22, 2015 at 04:10:27PM -0400, Dave Garrett wrote:
> Consensus was my current WIP proposal is not viable, for some of the
> following main reasons:
>
> 1) cost/benefit analysis doesn't seem to be worth it
> 2) backwards compatibility handling
> 3) some argue harder to implement; others argue easier

IMO, the present situation is mainly a problem for:

1) Users: Not having combinations they want (witness the recent
   proposal for ECDHE_PSK ciphersuites). Sometimes leads to suboptimal
   ciphersuite choices.
2) TLS WG: Processing all the complaints about previous.
3) Admins: Configuring the mess.

What isn't in the list:

TLS library authors: Most TLS libraries have decoding tables (or
equivalent) that break a ciphersuite down into its component parts.

Using strict interpretation of TLS 1.2 rules, adding all the relevant
combinations would be about 100 ciphersuites (haven't checked how many
already exist).

Granted, not all of those are equally important. But that brings the
question of which are important and which are not.

Also, if SHA-2 ever fails, defining the replacement ciphersuites is
going to be "fun".

-Ilari
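
The kind of decoding table the message above refers to, as an added example that is not part of the original post or taken from any TLS library: it splits TLS 1.2 suite names into components and lists the key-exchange and cipher pairings a suite list lacks. `SAMPLE_SUITES` is a constructed subset of registered names, and `decode` and `missing_combinations` are hypothetical names.

```python
from itertools import product
from typing import NamedTuple

HASHES = {"SHA", "SHA256", "SHA384"}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20_POLY1305")

# Constructed sample: a few IANA-registered names, not the full registry.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
    "TLS_PSK_WITH_AES_128_CCM",
]

class Suite(NamedTuple):
    kex: str     # key exchange, e.g. ECDHE
    auth: str    # authentication, e.g. RSA or PSK
    cipher: str  # bulk cipher and mode, e.g. AES_128_GCM
    mac: str     # HMAC hash, or "AEAD" when the mode authenticates itself
    prf: str     # hash used by the TLS 1.2 PRF

def decode(name: str) -> Suite:
    """Split a TLS_<kx>_WITH_<cipher>[_<hash>] name into components."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 style suite name: {name}")
    left, right = name[len("TLS_"):].split("_WITH_", 1)
    kex, _, auth = left.partition("_")
    auth = auth or kex  # plain RSA / PSK: one mechanism does both jobs
    tokens = right.split("_")
    suffix = tokens.pop() if tokens[-1] in HASHES else None
    cipher = "_".join(tokens)
    if any(marker in cipher for marker in AEAD_MARKERS):
        # AEAD: the suffix names the PRF hash; CCM names omit it (SHA-256).
        return Suite(kex, auth, cipher, "AEAD", suffix or "SHA256")
    if suffix is None:
        raise ValueError(f"no MAC hash in non-AEAD suite: {name}")
    # CBC-style: the suffix is the HMAC hash; only SHA384 suites change the PRF.
    prf = "SHA384" if suffix == "SHA384" else "SHA256"
    return Suite(kex, auth, cipher, suffix, prf)

def missing_combinations(names):
    """(kex, auth) x cipher pairs that occur separately but not together."""
    present = {((s.kex, s.auth), s.cipher) for s in map(decode, names)}
    kxs = {kx for kx, _ in present}
    ciphers = {c for _, c in present}
    return sorted(set(product(kxs, ciphers)) - present)

if __name__ == "__main__":
    for (kex, auth), cipher in missing_combinations(SAMPLE_SUITES):
        print(f"no suite in sample for {kex}/{auth} with {cipher}")
```

"Missing" here means absent from the constructed sample only; run it over a library's actual suite list to see which pairings an administrator cannot configure.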