IETF-SSH archive


Re: [TLS] Still missing: TLS_ECDH_anon_WITH_AES_xxx_GCM_SHAxxx



Alyssa Rowan <akr%akr.io@localhost> writes:

>Can we perhaps make that a SHOULD NOT (or even a MUST NOT), if it somehow
>isn't already? It's way too common in the wild, and it really is next to
>useless practice from the same kind of wilful carelessness that brought the
>world so many default/engineering/field service passwords/backdoors.

I doubt it'll make any difference, those who would read and follow the RFC on
this point won't be using insecure certs/keys anyway, and those who are using
them will ignore (or not even read to that point) the RFC.  I've heard this
sort of thing referred to in the past as "workgroup posturing", and that's
unfortunately what it'll be...

Peter.


