> On 30 Mar 2016, at 10:44 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
>
> On Wed 2016-03-30 15:20:08 -0400, Ilari Liusvaara wrote:
>> On Wed, Mar 30, 2016 at 12:05:26PM -0400, Daniel Kahn Gillmor wrote:
>>> On Wed 2016-03-30 11:33:09 -0400, Benjamin Kaduk wrote:
>>>> I am not sure that we want to be in the business of explicitly marking
>>>> things as insecure other than our own RFCs, though -- there could be an
>>>> implication of more review than is actually the case, which is what this
>>>> proposal is trying to get rid of.
>>>
>>> I think i agree with Ben here: if we have a tri-state:
>>> approved/not-approved/known-bad, then the people will infer that the
>>> not-approved ciphersuites are better than the known-bad ones, which
>>> isn't necessarily the case.
>>>
>>> I think i'd rather see it stay at "approved/not-approved"
>>
>> Then how should ciphersuites with explicit diediedie RFCs (currently
>> RC4) be presented?
>
> i'd say that they are "not-approved", clearly. :)

That brings up another question. How do things move from “approved” to “not-approved”? Does it require a diediedie document? What happens when we decide that 3DES is just too limited and there’s no good reason to use it, but there’s really no security issue with using it?

Yoav
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls