On Tue, Nov 17, 2015 at 11:06 AM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> On Tue, Nov 17, 2015 at 09:51:32AM -0800, Eric Rescorla wrote: > > > My proposal is that we: > > > > - List all the Standards Track cipher suites that are compatible with TLS > > 1.3 in Appendix A. > > > > - Mark all the cipher suites that are listed in Appendix A as > "Recommended" > > Where does that leave ciphersuites that are "Recommended" for TLS > 1.2, but TLS 1.3? Or do none of the CBC block ciphers in TLS 1.2 qualify? > Yes. The proposed intention was that for the same reasons we moved to AEAD for 1.3, we would only Recommend AEAD for TLS 1.2. Note that this is consistent with the guidance in both RFC 7525 (which recommends AEAD) http://tools.ietf.org/html/rfc7525#section-4.2 and RFC 7540 which blacklists the non-AEAD cipher suites (http://tools.ietf.org/html/rfc7540#appendix-A) -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
