Hi Everyone, Following the discussions around draft-bartle-tls-deprecate-ffdh and draft-aviram-tls-deprecate-obsolete-kex, and after consulting the chairs, we have merged the two drafts into draft-aviram-tls-deprecate-obsolete-kex <https://datatracker.ietf.org/doc/draft-aviram-tls-deprecate-obsolete-kex/>.
The merged draft prescribes the following: 1. RSA key exchange is a MUST NOT. 2. Non-ephemeral finite-field DH is a MUST NOT. 3. Non-ephemeral ECDH is a SHOULD NOT. 4. Ephemeral finite-field DH (DHE) is a MAY, only when fully ephemeral, and only using a well-known group of size at least 2048 bits. We added greater justification for point 3 <https://www.ietf.org/archive/id/draft-aviram-tls-deprecate-obsolete-kex-01.html#name-security-considerations-2> above to address concerns previously raised on the list. We'd love to hear your thoughts. best wishes, Carrick and Nimrod
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
