Pasi.Eronen@xxxxxxxxx wrote, On 2008-01-22 00:41:
(2) Keep IDEA and single-DES in the TLS 1.2 main specification,
but include a short advice along the lines described above.
I strongly prefer that choice.
If we say "MUST NOT" or even merely remove the definitions of those
suites from TLS 1.2, then interoperability problems will certainly
arise. Servers will be created that reject client hellos that contain
those cipher suite numbers, even if those hellos also include other
cipher suite numbers that are acceptable.
I'd even go so far as to suggest that text be added stating that
compliant TLS 1.2 implementations MUST NOT reject client hellos simply
because those client hellos contain cipher suite numbers that are
deprecated, or undefined in TLS 1.2, or are "MUST NOT" (as in export
cipher suites) for TLS 1.2. If no acceptable cipher suite is found,
that's a problem but no server should ever reject a client hello simply
because it contains one or more cipher suite numbers that are unpopular.
(Yes, I have seen servers that actually do that.)