Jeffrey Walton <noloa...@gmail.com> writes:

>Somewhat off-topic, why does TLS not produce a few profiles? One can be
>"Opportunistic TLS Profile" with a compatible security posture and include
>ADH. Another can be a "Standard TLS Profile" and include things like export
>grade crypto, weak and wounded ciphers, SSLv3, etc. Finally, there can be a
>"TLS Defensive profile" where you get mostly the strong protocols and
>ciphers, HTTPS Pinning Overrides are not allowed so the adversary cannot
>break the secure channel by tricking a user, etc.

+1. At the moment you're stuck with everything-all-the-time (or alternatively one-size-misfits-all) where you have to support every single mechanism and quirk and add-on, when all you want most of the time is to set up a basic secure tunnel from A to B. Having profiles would be a great help, so all the other standards groups that build on TLS can refer to, say, the embedded-device profile or the PFS-with-PSK profile rather than having to hack around the standard themselves.

Peter.