On Tue, Apr 23, 2024 at 8:35 AM David Benjamin wrote:
I'll add that if we're wrong and someone *does* need these, it is all the
more important that we communicate our intentions! The current situation is
that we have effectively deprecated this by not adding a way to use those
certificates in TLS 1.3, but we forgot to say so. A hypothetical
Having worked on a TLS implementation and removed code for this, I can tell
you that is *not* simply a natural side-effect of supporting DH
certificates. These modes interact with the TLS handshake logic a fair bit.
They omit the ServerKeyExchange message and change the ClientKeyExchange
message.
Blumenthal, Uri - 0553 - MITLL writes:
> Nobody in the real world employs static DH anymore – in which case this draft
> is useless/pointless
It's not "any more"; AFAICT from my inability to find any evidence of the
certificates needed for it in 25-odd years, it's "nobody has ever used static
DH".
> is to make it so complex there are no obvious deficiencies.
> - C. A. R. Hoare
>
> *From: *TLS on behalf of Viktor Dukhovni <ietf-d...@dukhovni.org>
> *Date: *Sunday, April 21, 2024 at 14:07
> *To: *tls@ietf.org
> *Subject: *[EXT] Re: [TLS] Deprecating Static DH certificates in the
> obsolete key exchange document