Stephen Farrell <stephen.farr...@cs.tcd.ie> writes:

>We have BCP195 [1] that aims for the "general" case (for up to TLS1.2) and a
>draft [2] (currently in IESG evaluation) for the embedded case. Are those the
>kind of thing you're after?

Sort of, but since they're not part of the TLS spec they essentially don't exist (I've never seen them quoted, cited, or referenced in any third-party standard that deals with TLS). Another problem is that they're defined as a large collection of (often rather waffly) "don't do this" comments, so as a somewhat wooly blacklist rather than a clear whitelist. So the BCPs aren't really a profile but more like 20-30 pages of hand-wringing. An actual profile of TLS would be something like MUST TLS 1.1 or above, MUST PFS suites, MUST AES and SHA256, MUST E-then-M (and by implication what isn't explicitly permitted is denied).

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
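
The four-rule whitelist profile sketched in the message above, as an added Python illustration that is not part of the original post or of any IETF document. It checks a negotiated TLS 1.2-or-earlier session against the profile with default deny, next to a deny-list check for contrast. The function names, the deny-list contents, the sample sessions and the reading of "AES and SHA256" as the suite's cipher and hash are assumptions; treating encrypt-then-MAC (RFC 7366, extension type 22) as not applicable to GCM suites is also an assumption.

```python
# Added example: default-deny check of a negotiated TLS (<= 1.2) session against
# the four-rule profile in the message. The rule interpretations are assumptions.
MIN_VERSION = (3, 2)            # wire version of TLS 1.1
PFS_KEX = {"DHE_RSA", "DHE_DSS", "ECDHE_RSA", "ECDHE_ECDSA"}
ENCRYPT_THEN_MAC = 22           # extension type assigned by RFC 7366
DENY_SUBSTRINGS = ("NULL", "EXPORT", "RC4", "MD5")  # constructed list, not BCP 195's


def profile_violations(version, suite, extensions):
    """Return the profile rules a session breaks; an empty list means permitted."""
    head, sep, tail = suite.partition("_WITH_")
    if not sep or not head.startswith("TLS_") or "_" not in tail:
        return ["suite name not recognised, denied by default"]
    kex = head[len("TLS_"):]
    cipher, mac = tail.rsplit("_", 1)
    found = []
    if version < MIN_VERSION:
        found.append("version below TLS 1.1")
    if kex not in PFS_KEX:
        found.append("key exchange is not PFS")
    if not cipher.startswith("AES_"):
        found.append("cipher is not AES")
    if mac != "SHA256":
        found.append("hash is not SHA256")
    # Assumption: encrypt-then-MAC only applies to non-AEAD (CBC) suites.
    if not cipher.endswith("_GCM") and ENCRYPT_THEN_MAC not in extensions:
        found.append("encrypt_then_mac not negotiated")
    return found


def denylist_permits(suite):
    """Deny-list style check: anything not explicitly named as bad gets through."""
    return not any(bad in suite for bad in DENY_SUBSTRINGS)


# Constructed sample sessions: (wire version, IANA suite name, negotiated extensions)
SESSIONS = [
    ((3, 3), "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", {ENCRYPT_THEN_MAC}),
    ((3, 3), "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", set()),
    ((3, 3), "TLS_RSA_WITH_AES_128_CBC_SHA256", set()),
    ((3, 1), "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", set()),
]

if __name__ == "__main__":
    for version, suite, exts in SESSIONS:
        print(suite, denylist_permits(suite), profile_violations(version, suite, exts))
```

The last two sample sessions pass the deny-list but are rejected by the profile, and a suite name the parser does not recognise is rejected rather than waved through.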