On Thu, Dec 14, 2017 at 02:58:59PM -0800, Watson Ladd wrote: > Let's not forget defense 0: migrating away from broken algorithms > (which means turning them off). The fact that we didn't switch MTI > away from RSA encryption in TLS 1.1 after these attacks were > disclosed, or even in TLS 1.2, means that we've got a very long time > before some sites can turn off these algorithms. Given that some > places can't turn off SSL v3, it's not clear we can ever turn off a > widely implemented protocol.
I think the main problem in way of just deleting static RSA code is those "visibility" folks. Because vast majority of clients that are not utter garbage for other reasons support PFS with decent key sizes. (And then there are folks that interpret MTI in insane ways). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
