Ack, of course. My views are the same tho.
From: Joseph Salowey <[email protected]> Date: Monday, August 30, 2021 at 2:32 PM To: Rich Salz <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS On Mon, Aug 30, 2021 at 10:47 AM Salz, Rich <[email protected]<mailto:[email protected]>> wrote: By “obsolete keyex draft” you mean expired, right? [Joe] I mean this draft - draft-aviram-tls-deprecate-obsolete-kex-00 (the subject of the other adoption call). There were several comments that we should merge the two drafts. Since draft-bartle-tls-deprecate-ffdh-00 and the expired draft-bartle-tls-deprecate-ffdhe-00 are similar I would expect we would merge content from draft-bartle-tls-deprecate-ffdh-00 into draft-aviram-tls-deprecate-obsolete-kex-00 with perhaps some addition text on certificates with static keys. I am in favor of MUST NOT have a certificate with DH keys. So yes to 1. I think #2 is unenforceable/undetectable, but would be happy to be convinced otherwise. So I’m unsure about #2. But yes, let’s adopt and merge in the expired keyex draft and then argue over it.
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
