Yes to Viktor's and Peter's comments. I can't understand fanaticism expressed in this "deprecate..." attempt. Besides, it is simply unwise.
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are
obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
- C. A. R. Hoare
On 7/14/23, 03:02, "TLS on behalf of Peter Gutmann" <[email protected] on
behalf of [email protected]> wrote:
Viktor Dukhovni <[email protected]> writes:
>What benefit do we expect from forcing weaker security (RSA key exchange or
>cleartext in the case of SMTP) on the residual servers that don't do either
>TLS 1.3 or ECDHE?
This already happens a lot in wholesale banking, the admins have dutifully
disabled DH because someone said so and so all keyex falls back to RSA circa
1995, and worst possible situation to be in.
There needs to be clear text in there to say that if you can't do ECC then
do
DH but never RSA, or even just "keep using DH because it's still vastly
better
than the alternative of RSA". At the moment the blanket "don't do DH" is in
effect saying "use RSA keyex" to a chunk of the market.
Peter.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
