On Sat, Jul 25, 2015 at 07:01:42PM +0200, Martin Thomson wrote:
> On 25 July 2015 at 17:48, Salz, Rich <rs...@akamai.com> wrote:
> > "we" meaning browsers. "we" not being everyone who will use TLS 1.3
> >
> > Ekr has pointed out a problem; if you connect with a protocol range and
> > proffer RC4, can we do anything about it except point out multiple times
> > that 1.3 servers MUST NOT accept it?
>
>
> Agreed. But I'll point out that other users of TLS will likely not be
> doing fallback either, so they have to deal with offering what they
> support straight up.
>
> Prohibiting RC4 probably won't do anything more than what our existing
> efforts are doing already.
I would go further, and say that "prohibiting RC4" in any sense
that is more than prohibiting its use as the final outcome of a
handshake would be a rather counter-productive strategy.
Servers and clients are strongly encouraged to not choose it, but
to reject connections from peers that offer it for interoperability
with others would just create a mess that would be operationally
challenging. RC4 is dying, just let it fade away into insignificance.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
