Hello Viktor, Thanks for your thoughtful reply.
I haven't read the draft itself, only the articals which point to it. There is a common thread circulating, that all support for RSA Certificates/Ciphers are dropped in TLS 1.3. As I wrote in the last email, I am aware we can implemenet ECC certs and ciphers in TLS 1.2, along side RSA certs/ciphers, however there is a consistent fear of breaking what already works by moving onto offering both an ECC and RSA certificate and corrosponding ciphers. If TLS 1.3 does support RSA certs, that removes the drive to begin offering ecdhe_ecdsa alongside ecdhe_rsa, which essentially moves it back to the "Do not need to implement pile", which will not tick forward into the "must implement" pile until it is absolutely required. I was sincerely hoping to be able to use the expected "end of ths RSA Cert" to move us there in preparation of supporting TLS 1.3 and for once be ahead of the curve instead of implemementing what seems to be superiod encryption methods much later. Ben ________________________________ From: Viktor Dukhovni <[email protected]> Sent: Saturday, June 16, 2018 11:31 PM To: Ben Personick Cc: [email protected] Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > On Jun 12, 2018, at 4:15 PM, Ben Personick <[email protected]> wrote: > > We are currently evaluating when to begin offering ECC Certificates based > cypto on our websites. > > Despite the advantages to doing this in TLS 1..2, there is a lot of push-back > to wait until we “have to support it” once the TLS 1.3 draft is published, > and the option to use it becomes available. I am puzzled why you feel you have to support ECC certificates with TLS 1.3, and yet not for TLS 1.2? RSA certificates continue to be supported in TLS 1.3, and ECDSA certificates are well supported in TLS 1.2. Are you referring to deploying ECC certificates in your server software, or interoperating with ECC servers in your client software? If the latter, then indeed you should start to support servers that can only present ECDSA, rather than RSA, certificates. And do so with both TLS 1.2 and TLS 1.3, it is not clear why you'd wait for TLS 1.3 to be published. (We can party when it comes out, but that should not IMHO hold up implementations of ECDSA support). -- -- Viktor.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
