Dave Cridland wrote:
> On Tue Jan 13 18:37:00 2009, Peter Saint-Andre wrote:
>> In TLS 1.0 (RFC 2246) and therefore RFC 3920, the mandatory-to-implement
>> ("MTI") cipher was TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
>>
>> In TLS 1.1 (RFC 4346), it was TLS_RSA_WITH_3DES_EDE_CBC_SHA.
>>
>> In TLS 1.2 (RFC 5246), it is TLS_RSA_WITH_AES_128_CBC_SHA.
>>
>> I just noticed that rfc3920bis still refers to RFC 4346 and therefore
>> has TLS_RSA_WITH_3DES_EDE_CBC_SHA as MTI. I assume we need to change it
>> to TLS_RSA_WITH_AES_128_CBC_SHA so that we maintain consistency with the
>> latest version of TLS.
> 
> Is it worth breaking this out deliberately into a distinct document
> which details MTI TLS versions, SASL mechanisms, hashes (where we use
> them) etc? 

That document would apply only to XMPP, or also to other technologies?

> It's the kind of thing which would be useful to refer to from
> XEPs, and also it's the kind of thing for which the XSF doesn't really have
> the expertise that the IETF does.

Agreed.

> Then, rfc3920bis says "See RFC XXXX or successors for MTI cryptography",
> and RFC XXXX might be obsoleted by RFC YYYY at some point, and
> rfc3920bis gets this essentially for free.

I'm not a huge fan of more XMPP RFCs, but the approach you outline seems
reasonable so that we don't need to publish rfc3920ter when TLS 1.4
comes out (or whatever).

/psa