On Thu, Mar 3, 2016 at 6:03 AM, Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
>
>
> On 03/03/16 07:11, Viktor Dukhovni wrote:
>
>> The way I see it for opportunistic TLS in general, and Postfix specifically,
>> is that the sensible approach is to prune the deadwood once it is no longer
>> useful for interoperability except with a theoretical, but in practice negligible
>> to non-existent minority of peers. That is, once removing obsolete
>> and weak crypto has no practical negative consequences, we should just do it.
>
> This was something we debated during the processing of
> RFC7435. I do think the OS approach is a fine thing, but
> I'd be much more for ditching weak crypto than you.
>
> DROWN, LOGJAM and other attacks demonstrate that keeping
> weak crypto code around does have negative consequences,
> and with DROWN those are pretty impressively negative.

This is also an argument for multi-layer security. Transport Layer Security isn't a panacea; it has limitations. Back in 1995 we had to choose the one place we applied encryption because machines were slow. Today we can and should have multi-level security. We need message layer security in addition to transport. And we need an infrastructure for deploying client-side key material.