> I could never work up much enthusiasm for TLS because it is needlessly big
> and complex, but still got important things wrong.
> I never saw the advantage of TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA as opposed
> to exchanging a few bits of text,
> allowing easy extension of the protocol to the occasional new protocol.

if you don't want negotiation, then we need to come up with a new default
encryption scheme that will work perfectly for a long time. i cannot promise
that. with negotiation, stuff will get more complex but at least we can
fix and upgrade one machine at a time and get the best possible option
for each conversation.

what would you do?

--
cinap
