I support this draft too (no surprise there!). To be clear though,
although I prefer tcpcrypt, I believe either approach would be much
better than doing nothing.
Of your three ways to proceed, I think (1) is unlikely to occur because
the difference is philosophical rather than just technical.
On Mon, Aug 24, 2015, at 02:33 PM, David Mazieres wrote:
Watson Ladd watsonbl...@gmail.com writes:
The problem is with the existence of sites where only one algorithm
must be used, and the OS is configured accordingly.
Hard-coding global cipher priority is likely to exacerbate this