
List:       ietf-tls
Subject:    Re: [TLS] Ala Carte Cipher suites - was: DSA should die
From:       Brian Smith <brian () briansmith ! org>
Date:       2015-04-04 0:05:03
Message-ID: CAFewVt6jKaQh9Z-ySQJr_9PWsBvn41RNk6PNXMdouLwywn8-wA () mail ! gmail ! com

Please don't change the syntax for negotiating cipher suites. Although
it seems like a good idea to try to make things simpler conceptually
by negotiating the different components of the cipher suite
differently, it would take a lot of effort to standardize a new way of
doing things. I don't think the current mechanism is problematic
enough (at all, really) to justify that effort. Also, any new
mechanism is going to make any implementation more complicated--and
thus more error-prone--if it also has to support older versions of TLS.
Again, I don't think that extra complication is warranted.

Finally, there are a lot of reasons to avoid wasting bytes in the
ClientHello message, for improved compatibility. Having two cipher
suite negotiation mechanisms in the ClientHello, one for TLS 1.3+ and
one for earlier versions, would likely be counter to that goal.

Cheers,
Brian

