Carrick Bartle <[email protected]> writes:

>In the situation you've described, they've been told they shouldn't use RSA
>either, so clearly it doesn't matter to them what we've deprecated or not. 

Yup, because if you give people the choice between not A but not B either then
they have to ignore one of the two, and without further guidance they've
chosen to go with literally the worst possible option instead of the
perfectly-OK one.

Piggybacking a reply to your other message, anything that's online is DoS-
able.  If I want to DoS a web server, or anything at all for that matter, I'll
hit it with a botnet, an attack that's effective on anything no matter what
algorithm it uses.

It seems the only real reason for deprecating DHE is that it's not
fashionable. And as my earlier message pointed out, this WG fashion statement
has real consequences in practice.

Peter.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
