On 9/16/15, 4:19, "TLS on behalf of Peter Gutmann" <tls-boun...@ietf.org on behalf of pgut...@cs.auckland.ac.nz> wrote:

>Jeffrey Walton <noloa...@gmail.com> writes:
>
>>Somewhat off-topic, why does TLS not produce a few profiles? One can be
>>"Opportunistic TLS Profile" with a compatible security posture and include
>>ADH. Another can be a "Standard TLS Profile" and include things like export
>>grade crypto, weak and wounded ciphers, SSLv3, etc. Finally, there can be a
>>"TLS Defensive profile" where you get mostly the strong protocols and
>>ciphers, HTTPS Pinning Overrides are not allowed so the adversary cannot
>>break the secure channel by tricking a user, etc.
>
>+1. At the moment you're stuck with everything-all-the-time (or alternatively
>one-size-misfits-all) where you have to support every single mechanism and
>quirk and add-on, when all you want most of the time is to set up a basic
>secure tunnel from A to B. Having profiles would be a great help, so all the
>other standards groups that build on TLS can refer to, say, the
>embedded-device profile or the PFS-with-PSK profile rather than having to
>hack around the standard themselves.

+2. I think this is necessary, *and* falls (or should fall) under the TLS WG prerogative.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls