Re: [TLS] consensus call: deprecate all FFDHE cipher suites

Tue, 13 Dec 2022 15:01:26 -0800 

That sounds like deprecation to me (stop building new things this way...)

 

Build new things that stop interoperating with old things? Does not sound smart 
to me.

 

Not to mention that there’s zero security reasons for this deprecation.

 

I support deprecating all FFDHE cipher suites. The IETF should not perpetually 
support systems that can't be upgraded.

 

Yeah, who cares for systems like SCADA. Sure.

 

 

On Tue, Dec 13, 2022 at 7:51 AM Blumenthal, Uri - 0553 - MITLL 
<[email protected]> wrote:

I do not support deprecation, because there will be deployed devices (IoT, 
SCADA) that aren’t upgradable – and the new stuff will have to access them.

 

I’ll spare the group my personal opinion about this draft.

-- 

V/R,

Uri

 

 

From: TLS <[email protected]> on behalf of Ira McDonald 
<[email protected]>
Date: Tuesday, December 13, 2022 at 10:47
To: Sean Turner <[email protected]>, Ira McDonald <[email protected]>
Cc: TLS List <[email protected]>
Subject: Re: [TLS] consensus call: deprecate all FFDHE cipher suites

 

Hi,

 

Yes - I support deprecating all FFDHE cipher suites including well-known groups.

 

Cheers,

- Ira

 

 

On Tue, Dec 13, 2022 at 9:46 AM Sean Turner <[email protected]> wrote:

During the tls@IETF 115 session topic covering 
draft-ietd-tls-deprecate-obsolete-kex, the sense of the room was that there was 
support to deprecate all FFDHE cipher suites including well-known groups. This 
message starts the process to judge whether there is consensus to deprecate all 
FFDHE cipher suites including those well-known groups. Please indicate whether 
you do or do not support deprecation of FFDHE cipher suites by 2359UTC on 6 
January 2023. If do not support deprecation, please indicate why.

NOTE: We had an earlier consensus call on this topic when adopting 
draft-ietd-tls-deprecate-obsolete-kex, but the results were inconclusive. If 
necessary, we will start consensus calls on other issues in separate threads.

Cheers,
Chris, Joe, and Sean
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls

Reply via email to