On 16/09/15 09:19, Peter Gutmann wrote: > Jeffrey Walton <noloa...@gmail.com> writes: > >> Somewhat off-topic, why does TLS not produce a few profiles. One can be >> "Opportunistic TLS Profile" with a compatible security posture and include >> ADH. Another can be a "Standard TLS Profile" and include things like export >> grade crypto, weak and wounder ciphers SSLv3, etc. Finally, there can be a >> "TLS Defensive profile" where you get mostly the strong the protocols and >> ciphers, HTTPS Pinning Overrides are not allowed so the adversary cannot >> break the secure channel by tricking a user, etc. > > +1. At the moment you're stuck with everything-all-the-time (or alternatively > one-size-misfits-all) where you have to support every single mechanism and > quirk and add-on, when all you want most of the time is to set up a basic > secure tunnel from A to B. Having profiles would be a great help, so all the > other standards groups that build on TLS can refer to, say, the emebedded- > device profile or the PFS-with-PSK profile rather than having to hack around > the standard themselves.
We have BCP195 [1] that aims for the "general" case (for up to TLS1.2) and a draft [2] (current in IESG evaluation) for the embedded case. Are those the kind of thing you're after? If so, and you wanted more, the UTA WG [3] (which produced BCP195) would maybe be the best place to see if there's enough interest in doing more. (The embedded one was done in the DICE WG [4] which was setup mostly for that as it's to some extent a different set of folks. And that could be done again if needed.) Cheers, S. [1] https://tools.ietf.org/html/bcp195 [2] https://tools.ietf.org/html/draft-ietf-dice-profile-16 [3] https://tools.ietf.org/wg/uta/ [4] https://tools.ietf.org/wg/dice/ > > Peter. > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls