On Fri, Jul 19, 2019 at 03:50:14PM -0400, Christopher Morrow wrote: > This, 'publish between an rfc and ID' is, I think, what the > living-documents/evolving-documents work was supposed to enable. > I was going to dither with John's suggestion of 7525 as an example, > mostly because TLS tends to get people's hackles up :) but.. actually, > because of things like: > https://tools.ietf.org/html/rfc7525#page-11 > > this is a great example actually. The advice to set cipher suites and > other options for TLS has been changing quite a bit of late, having a > consistent location that's not 'rando website cipherl.st ?' seems like > a great plan, to me. If that location is able to keep up in close to > real time with all the various 'heartbleed' type problems so much the > better. We should be making this simpler and easier to locate and > digest, right? and up-to-date to the best of our ability? Good point. Not only that, but the notion of "cryptographic strength" of various cipher/digest/MAC algorithms and ciphersuites, public key algorithms and protocols, PRFs, and other functions, vary over time as cryptanalysis advances. A registry of current perceived cryptographic strength, subject to significantly less strenuous review than Standards Action, would be useful. Perhaps we could make this an IANA registry, though that seems a bit of a stretch. Nico --
