On Tue Jan 13 18:37:00 2009, Peter Saint-Andre wrote:
> In TLS 1.0 (RFC 2246) and therefore RFC 3920, the mandatory-to-implement
> ("MTI") cipher was TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
> In TLS 1.1 (RFC 4346), it was TLS_RSA_WITH_3DES_EDE_CBC_SHA.
> In TLS 1.2 (RFC 5246), it is TLS_RSA_WITH_AES_128_CBC_SHA.
>
> I just noticed that rfc3920bis still refers to RFC 4346 and therefore
> has TLS_RSA_WITH_3DES_EDE_CBC_SHA as MTI. I assume we need to change it
> to TLS_RSA_WITH_AES_128_CBC_SHA so that we maintain consistency with the
> latest version of TLS.

Is it worth breaking this out deliberately into a distinct document
which details MTI TLS versions, SASL mechanisms, hashes (where we use
them) etc? It's the kind of thing which would be useful to refer to
from XEPs, and also it's the kind of thing which the XSF doesn't
really have the expertise that the IETF does.
Then, rfc3920bis says "See RFC XXXX or successors for MTI
cryptography", and RFC XXXX might be obsoleted by RFC YYYY at some
point, and rfc3920bis gets this essentially for free.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade