On 27/02/2017 18:18, David Sommerseth wrote:
> On 27/02/17 23:06, James Yonan wrote:
>> On 25/02/2017 08:40, Steffan Karger wrote:
> [...snip...]
>>> I'd say so. Something like:
>>>
>>> legacy: RSA 1024+, SHA1+, all curves
>>> default: RSA 2048+, SHA2+, all curves
>>> suiteb: no RSA, SHA256/SHA384, P-256/P-384
>>>
>>> As long as we kick anything that's deprecated out of 'default', that
>>> should probably suffice.
>> That sounds good, but I'm thinking that we should probably name
>> "default" something else, such as "standard", so there's no confusion
>> between the cert profile name, and which cert profile is chosen by
>> default which may vary according to app preferences/settings.
>>
>> For example in mobile clients, we would probably need an app-level
>> setting to indicate whether "legacy" or "standard" should be the
>> default, but that would be confusing if "default" was actually a profile
>> name.
> There's a narrow edge here before it becomes bike-shedding; I do try to
> avoid that ... but what about: legacy, preferred and suiteb ?
>
> "Standard" just sounds a bit too static to me, that is not something
> which changes much. So in 5 or 10 years from now, "standard" may just
> as much be "legacy". Hence my suggestion for "preferred"; this is what
> we prefer now. "legacy" is what we used and can even include what we
> preferred earlier.

I'm okay with legacy, preferred and suiteb.

James

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
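
The profile sketch quoted in this thread, written out as a check over a certificate chain's parameters, with "default" renamed to "preferred" as agreed above. This is an added example, not code from the thread or from OpenVPN; the dict layout, function names and sample chains are assumptions, "SHA1+" and "SHA2+" are read as "that family or stronger", and it models key and signature parameters only rather than parsing X.509.

```python
# Added example: profile thresholds follow the sketch quoted in the thread,
# with "default" renamed to "preferred". Not OpenVPN's implementation.
SHA2 = {"sha224", "sha256", "sha384", "sha512"}
PROFILES = {  # rsa_min None = RSA refused; curves None = all curves
    "legacy":    {"rsa_min": 1024, "hashes": SHA2 | {"sha1"}, "curves": None},
    "preferred": {"rsa_min": 2048, "hashes": SHA2, "curves": None},
    "suiteb":    {"rsa_min": None, "hashes": {"sha256", "sha384"},
                  "curves": {"P-256", "P-384"}},
}

def cert_violations(cert, profile):
    """Reasons one certificate fails a profile (empty list = accepted)."""
    p, reasons = PROFILES[profile], []
    if cert["sig_hash"] not in p["hashes"]:
        reasons.append(f"signature hash {cert['sig_hash']} not allowed")
    if cert["key"] == "rsa":
        if p["rsa_min"] is None:
            reasons.append("RSA keys not allowed")
        elif cert["bits"] < p["rsa_min"]:
            reasons.append(f"RSA {cert['bits']} below {p['rsa_min']}")
    elif cert["key"] == "ec":
        if p["curves"] is not None and cert["curve"] not in p["curves"]:
            reasons.append(f"curve {cert['curve']} not allowed")
    else:
        reasons.append(f"unknown key type {cert['key']}")  # fail closed
    return reasons

def chain_violations(chain, profile):
    """A chain passes only if every certificate in it passes."""
    failed = {}
    for cert in chain:
        reasons = cert_violations(cert, profile)
        if reasons:
            failed[cert["name"]] = reasons
    return failed

def accepted_profiles(chain):
    """Names of the profiles under which the whole chain would be accepted."""
    return [name for name in PROFILES if not chain_violations(chain, name)]

# Constructed sample chains (parameters only, not real certificates).
OLD_CHAIN = [{"name": "leaf", "key": "rsa", "bits": 2048, "sig_hash": "sha256"},
             {"name": "intermediate", "key": "rsa", "bits": 1024, "sig_hash": "sha1"}]
EC_CHAIN = [{"name": "leaf", "key": "ec", "curve": "P-256", "sig_hash": "sha256"},
            {"name": "intermediate", "key": "ec", "curve": "P-384", "sig_hash": "sha384"}]

if __name__ == "__main__":
    for label, chain in (("old RSA chain", OLD_CHAIN), ("EC chain", EC_CHAIN)):
        print(label, "->", accepted_profiles(chain))
        print("  rejected by 'preferred':", chain_violations(chain, "preferred"))
```

The old RSA chain shows why the leaf alone is not enough: a strong leaf under a 1024-bit, SHA-1 intermediate is still only acceptable under "legacy".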