In the situation you've described, they've been told they shouldn't use RSA either, so clearly it doesn't matter to them what we've deprecated or not. We should deprecate insecure algorithms; the fact that there's a spectrum of insecurity among deprecated algorithms does not detract from the fact that they are all best avoided.
On Wed, Dec 14, 2022 at 3:07 AM Peter Gutmann <[email protected]> wrote:
> Nimrod Aviram <[email protected]> writes:
>
> >Let me clarify that the document also has RSA as a MUST NOT.
> >
> >So there will be no reason to read this document and switch from FFDHE to
> >RSA.
>
> If you tell people they can't have A but they can't have B either then they're
> going to have to choose one of the two in order to communicate, and in (at
> least some) banking it's RSA, the most insecure option there is, because
> they've been told they shouldn't use DHE.
>
> Peter.
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
