> But then we have:
> * AES and ChaCha (two modes for the former one even)
> * RSA and ECDSA
> * NIST curves and Bernstein curves
> * ECDHE key exchange and DHE key exchange

This is a good point to bring up, but I think it can be resolved easily.

AES/ChaCha -- if only mobile you'll do ChaCha, else you have hardware assist and will do AES.

RSA and ECDSA -- you'll only do one, depending on which cert you bought from your CA, and who even has commercial ECDSA certs yet?

NIST v Bernstein might be harder, but the performance of X25519 will win out.

ECDHE vs DHE? Who would ever bother to do DHE these days?

Now, how can you give clear guidance on when to pick SHA2 over SHA3? It's different from the others because it is truly a multiplicative choice; all of the others have clear guidance on when to pick which.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls