On Wed, Sep 16, 2015 at 07:14:48PM -0400, Dave Garrett wrote:

> Yeah, we don't need to argue semantics. My point is that I'd agree with
> a more strict profile than what we have now as an addon, but not a more
> permissive profile, as was the initial suggestion.

I don't think that "permissive" vs. "strict" is the right axis to distinguish between profiles. Rather one axis is "Constrained" vs. "General", and another axis is "Opportunistic" vs. "Mandatory".

What's different will be the MTI ciphers, and recommended preferred ciphers. Adding crap banned by the base protocol is not the point. In other words, a profile will have:

    * MUST support parameters (required interop)
    * SHOULD support parameters (additional preferred)
    * MAY support parameters
    * MUST NOT support parameters

that can vary over time independently of other profiles. Then folks can go ahead and drop RC4 with prejudice from "Mandatory", while initially leaving it enabled in "Opportunistic".

Which profiles are developed depends on how much interest there is from a particular "market segment" to define said profile. The main question is whether enough interested parties will be willing to work on such profiles.

-- 
Viktor.