> On Mar 3, 2016, at 1:33 AM, Randy Bush <randy@xxxxxxx> wrote:
>
> i expect that, at least for the rest of my career, there will always be
> stronger and weaker crypto. and we will repeatedly go through the pain
> of purging the [then] weak, with folk screaming about compatibility with
> doors 2005.

The way I see it for opportunistic TLS in general, and Postfix specifically, is that the sensible approach is to prune the deadwood once it is no longer useful for interoperability except with a theoretical, but in practice negligible to non-existent, minority of peers. That is, once removing obsolete and weak crypto has no practical negative consequences, we should just do it.

What makes this possible is widespread adoption of better alternatives, at which point algorithm agility (often derided in some circles) makes it possible to move on.

At this point SSLv2, SSLv3, EXPORT ciphers and single DES are disabled in Postfix by default. It is sensible for ietf.org to apply similar settings.

-- 
Viktor.
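As an added illustration (not part of the thread), here is a Postfix main.cf fragment that spells out the defaults Viktor describes for opportunistic TLS on both the receiving (smtpd_*) and sending (smtp_*) side. The parameter names are real Postfix parameters; the cipher keywords are OpenSSL cipherlist keywords, and the comments are the editor's.

```ini
# main.cf fragment (added example). Opportunistic TLS: offer/accept TLS with
# every peer, but do not negotiate the obsolete protocols or weak cipher
# families named in the post.

# Receiving side (other MTAs delivering to us).
smtpd_tls_security_level = may
# Exclusion syntax: "!" removes a protocol; everything not excluded stays on.
smtpd_tls_protocols = !SSLv2, !SSLv3
# "EXPORT" = 40/56-bit export-grade suites; "DES" = single DES (3DES is a
# separate OpenSSL keyword and is not matched by "DES").
smtpd_tls_exclude_ciphers = EXPORT, DES

# Sending side (our deliveries to other MTAs).
smtp_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers = EXPORT, DES

# Caveat: the *_tls_mandatory_protocols / *_tls_mandatory_ciphers parameters
# apply only at the "encrypt"/"secure" levels. At security level "may" the
# non-mandatory parameters above are the ones that take effect.
```

After editing, `postconf -n | grep tls` shows which of these values differ from the built-in defaults on the running version, so you can see whether the fragment is redundant there.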