On Thu, Mar 3, 2016 at 6:03 AM, Stephen Farrell
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
On 03/03/16 07:11, Viktor Dukhovni wrote:
The way I see it for opportunistic TLS in general, and Postfix specifically,
is that the sensible approach is to prune the deadwood once it is no longer
useful for interoperability except with a theoretical, but in practice
negligible
to non-existent minority of peers. That is, once removing obsolete
and week crypto has no practical negative consequences, we should just do it.
This was something we debated during the processing of
RFC7435. I do think the OS approach is a fine thing, but
I'd be much more for ditching weak crypto than you.
DROWN, LOGJAM and other attacks demonstrate that keeping
weak crypto code around does have negative consequences,
and with DROWN those are pretty impressively negative.
This is also an argument for multi-layer security.
Transport Layer Security isn't a panacea, it has limitations. Back in
1995 we had to choose the one place we applied encryption because
machines were slow. Today we can and should have multi-level security.
We need message layer security in addition to transport. And we need
an infrastructure for deploying client side key material.