- From: Thomas Roessler <tlr@w3.org>
- Date: Tue, 16 Oct 2007 10:08:42 +0200
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: Luis Barriga <luis.barriga@ericsson.com>, Web Security Context Working Group WG <public-wsc-wg@w3.org>
On 2007-10-15 20:26:04 -0700, Phillip Hallam-Baker wrote: > I don't think we should write an exhaustive list olf strong > ciphers. The most we should do is to note that there is a set of > ciphers that the consensus recognizes as being acceptably strong > which should be supported. I'd rather we either reference some known-authoritative document that is being maintained elsewhere (because I don't see us taking on that kind of document maintenance role for this particular problem). The second-best approach might be to say "these are known bad [REF] [REF] [REF], for the rest, please do your due diligence." Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Tuesday, 16 October 2007 08:08:49 UTC