+1 for forbidding more old crap. Lack of forward secrecy should imply at least NOT RECOMMENDED.
Does it make sense to forbid things for TLS 1.0 and TLS 1.1 when we soon have an RFC forbidding use of TLS 1.0 and TLS 1.1?

Cheers,
John

-----Original Message-----
From: TLS <[email protected]> on behalf of Martin Thomson <[email protected]>
Date: Monday, 8 March 2021 at 16:34
To: "[email protected]" <[email protected]>
Subject: [TLS] Regarding draft-bartle-tls-deprecate-ffdhe

Well overdue. We should do this.

The title "Deprecating FFDH(E) Ciphersuites in TLS" doesn't seem to match the document content. I only see static or semi-static DH and ECDH key exchange being deprecated (in the document as non-ephemeral).

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
