On 23/07/15 16:43, Dave Garrett wrote:
> We should just get more serious about banning old crap entirely to
> make dangerous misconfiguration impossible for TLS 1.3+
> implementations.
>
> Right now, the restrictions section prohibits: RC4, SSL2/3, &
> EXPORT/NULL entirely (via min bits) and has "SHOULD" use TLS 1.3+
> compatible with TLS 1.2, if available

A suggestion - could we remove mention of anything that is not a MUST or SHOULD ciphersuite from the TLS1.3 document and then have someone write a separate draft that adds a column to the registry where we can mark old crap as deprecated?

Not sure if it'd work though.

S.