
Re: IETF mail server and SSLv3

2016-03-03 12:47:30
On Thu, Mar 03, 2016 at 11:03:25AM +0000, Stephen Farrell wrote:

The way I see it for opportunistic TLS in general, and Postfix specifically,
is that the sensible approach is to prune the deadwood once it is no longer
useful for interoperability except with a theoretical, but in practice
negligible to non-existent minority of peers.  That is, once removing
obsolete and weak crypto has no practical negative consequences, we should
just do it.

This was something we debated during the processing of
RFC7435. I do think the OS approach is a fine thing, but
I'd be much more for ditching weak crypto than you.

We're not in significant disagreement.

I'm not advocating keeping weak crypto around, in fact the opposite.

Rather I'm advocating some attention to balancing interoperability
needs in the timing of the removal.  For opportunistic security,
breaking interoperability *in practice* (not just in theory) is to
be avoided in the early phase of deprecation when better alternatives
are not sufficiently widely deployed.  If or once better alternatives
are almost universally deployed, out it goes.

-- 
        Viktor.
