Watson Ladd <watsonbl...@gmail.com> writes:

> Think of this "fixed ordering" as versioning, like HTTP/0.9, 1.0, 1.1,
> 2.0, etc. The idea is that we'd only introduce new versions when we
> knew they were stronger than the old ones.

Such a linear ordering would be very hard to achieve, given that different parts of the world trust/mistrust different crypto algorithms. Even among cipher suites discussed so far, how would we order P-256/AES-128 vs. Curve25519/Chacha/Poly1305? The former set is better in the sense that it is more established. The latter is better in the sense that it is newer, potentially more efficient, and (for the paranoid) less tainted by government involvement.

I think realistically the preference has to be left to the individual host configuration rather than the IETF.

David