List: ietf-tls
Subject: Re: [TLS] Ala Carte Cipher suites - was: DSA should die
From: Brian Smith <brian () briansmith ! org>
Date: 2015-04-04 0:05:03
Message-ID: CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA () mail ! gmail ! com
Please don't change the syntax for negotiating cipher suites. Although
it seems like a good idea to try to make things simpler conceptually
by negotiating the different components of the cipher suite
differently, it would take a lot of effort to standardize a new way of
doing things. I don't think the current mechanism is problematic
enough (at all, really) to justify that effort. Also, any new
mechanism is going to make any implementation more complicated--and
thus more error-prone--if it also has to support older versions of TLS.
Again, I don't think that extra complication is warranted.
Finally, there are a lot of reasons to avoid wasting bytes in the
ClientHello message, for improved compatibility. Having two cipher
suite negotiation mechanisms in the ClientHello, one for TLS 1.3+ and
one for earlier versions, would likely be counter to that goal.
Cheers,
Brian