On Wed 2016-03-30 11:33:09 -0400, Benjamin Kaduk wrote:
> I am not sure that we want to be in the business of explicitly marking
> things as insecure other than our own RFCs, though -- there could be an
> implication of more review than is actually the case, which is what this
> proposal is trying to get rid of.

I think I agree with Ben here: if we have a tri-state: approved/not-approved/known-bad, then people will infer that the not-approved ciphersuites are better than the known-bad ones, which isn't necessarily the case. I think I'd rather see it stay at "approved/not-approved".

--dkg

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls