If smaller devices don't use algorithms that can be used to talk to random servers on the Internet, then they are choosing to not try to get interop. That seems like a shame to me, unless there's a really good reason and IMO, mostly there isn't, at the ciphersuite level. I would hope we all won't make the GCM/CCM mistake again for example (that "we" being roughly some combination of IETF/IEEE folks).
So I think the proposed change here, if it leads to fewer but more ubiquitously deployed ciphersuites, will help smaller devices. And I do think the IETF recommended column might lead us some way in that direction. Cheers, S. On 31/03/16 18:40, Hannes Tschofenig wrote: > I can see some value in having this IANA registry list for ciphersuites > in the way being proposed (even if it may be interpreted differently by > different audiences). There have been, of course, too many algorithms > used only in specific countries and those substantially increased the > ciphersuite list. > > I am just a little bit worried that everything developed for the IoT > enviroment is quite likely labled as not recommended by the IETF in this > registry because of the Web focus in this group. > > The JPAKE is the item that we are currently interested in because we > have contributed to the standardization work related to Thread and the > stack we had implemented. Of course, the remark that JPAKE might not be > a good fit for TLS 1.3 may be correct. > > Ciao > Hannes > > On 03/31/2016 07:25 PM, Salz, Rich wrote: >>> Interesting idea. You see this IANA registry more as the mandatory to >>> implement algorithm list (for Web apps). >> >> I don't. But lots of outsiders do, and I know they exert pressure on >> various projects and TLS/AD "leadership". I've only had a little bit of it >> via openssl compared to those folks. >> >> -- >> Senior Architect, Akamai Technologies >> IM: richs...@jabber.at Twitter: RichSalz >> >> > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
