On Wed, Sep 16, 2015 at 02:10:36PM -0400, Dave Garrett wrote:

> > Yes. I wouldn't recommend following this path to others; it's not
> > easy and the return on that investment isn't all good. The mess we
> > were attempting to clean up with HTTP/2 was the state of TLS
> > deployment on the web, not so much the spec itself.
>
> The profiles idea feels like a way to justify having a crap profile in the
> mix.

I see no basis for that dismissive throw-away.

> We should be focusing on restricting TLS to always actually be competent.

All profiles are restrictions by definition, they don't add new features. Competence is context dependent.

The advantage of profiles is that they standardize sensible combinations of features, and encourage toolkits to provide interfaces for applications to track a particular profile. This also makes it easier for toolkits to harden some profiles selectively without breaking other profiles.

Explicit profiles make some sense. They need not be defined by the TLS WG per-se, it might be enough for the TLS specification to reference an IANA profile registry, with the TLS-WG defining a "base" profile. Then other WGs (including the TLS WG) can define additional profiles.

--
Viktor.