On Thursday 23 July 2015 14:21:15 Dave Garrett wrote: > On Thursday, July 23, 2015 01:10:30 pm Eric Rescorla wrote: > > On Thu, Jul 23, 2015 at 7:06 PM, Stephen Farrell > > <stephen.farr...@cs.tcd.ie>> > > wrote: > > > A suggestion - could we remove mention of anything that > > > is not a MUST or SHOULD ciphersuite from the TLS1.3 document > > > and then have someone write a separate draft that adds a > > > column to the registry where we can mark old crap as > > > deprecated? > > > > I'm starting to lean towards this. I don't generally think of TLS 1.3 as a > > vehicle for telling people how to configure use of TLS 1.2, and I think > > it might be better to move all that stuff out. > > If we've learned one thing from the past year of high-profile > vulnerabilities with names and logos, it's that TLS is not really secure if > you don't take into account its weakest/oldest feature that's still > possible. I don't think any responsible TLS 1.3 spec can afford to not > acknowledge this.
And I completely agree. FREAK and Logjam wouldn't happen at all if we didn't drag with us stuff that was considered legacy 10 years ago. But stuff like "server MUST abort handshake if it sees export grade ciphers in Client Hello" (or anything similar) will just get ignored. For a user a bad connection is better than no connection. One works and the other doesn't, the details are voodoo witchcraft. The way to remove all this legacy junk is to work towards sensible defaults in libraries (RFC7568, RFC7465 style), not by putting antifeatures in protocol specifications. -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
