On Sun, Aug 23, 2015 at 12:42 PM, David Mazieres <dm-list-tcpcr...@scs.stanford.edu> wrote: > Watson Ladd <watsonbl...@gmail.com> writes: > >> Think of this "fixed ordering" as versioning, like HTTP/0.9, 1.0, 1.1, >> 2.0, etc. The idea is that we'd only introduce new versions when we >> knew they were stronger than the old ones. > > Such a linear ordering would be very hard to achieve, given that > different parts of the world trust/mistrust different crypto algorithms. > Even among cipher suites discussed so far, how would we order > P-256/AES-128 vs. Curve25519/Chacha/Poly1305. The former set is better > is the sense that it is more established. The latter is better in the > sense that it is newer, potentially more efficient, and (for the > paranoid) less tainted by government involvement. I think realistically > the preference has to be left to the individual host configuration > rather than the IETF.
Let's consider what this actually means. Hosts that implement 1 of two options because they don't trust the other one to provide adequate security will not talk to the ones that make the wrong choice. Hosts that implement both would be fine picking just one, in fact prefer it as it reduces the amount of work they have to do. But by having ranking preferences, we're in fact saying "you would be fine with picking one for improved interop, but we're going to force you to make a choice that complicates your implementation, because we assume you are an expert in cryptanalysis research and we are not". Picking one suite that's widely acceptable is far better than providing a smorgasbord. > > David -- "Man is born free, but everywhere he is in chains". --Rousseau. _______________________________________________ Tcpinc mailing list Tcpinc@ietf.org https://www.ietf.org/mailman/listinfo/tcpinc