Hi,

What I personally think would be necessary for TLS2:

* At least one quantum-computing resistant algorithm which must be usable either as replacement for DH+RSA+EC, or preferably as additional strength (double encryption) for the transition period.
* Zero-Knowledge password authentication (something like TLS-SRP), but automatically re-encrypted in a normal server-authenticated TLS session (so that it's still encrypted with the server if you used a weak password).
* Having client certificates be transmitted in the encrypted channel, not in plaintext

Best regards,
Philipp

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography