On 11/12/14, 4:04 AM, Stephen Farrell wrote:


This is good enough.

comments..

1) a nit in 4.3:

OLD:

    Servers SHOULD authenticate using at least 2048-bit certificates.

NEW:

    When using RSA servers SHOULD authenticate using certificates with
    at least a 2048-bit modulus for the public key.

Ack.

I didn't spot the same thing elsewhere but it could be there.

I didn't see any other instances.

2) 5.2 title and elsewhere - use "Opportunistic Security" and not
"Opportunistic Encryption" we had that (boring;-) debate so we may
as well stick to the outcome

Will fix in the title and in the running text.

3) Wrt Brian's point about DHE 1024, I think that was already discussed
on the list earlier and while the Mozilla figures are interesting they
don't change my mind - I think the benefit of PFS and the fact that
s/w updates can fix this silently after one has configured the DHE
ciphersuite and that the draft already says you should use 2048 all
add up to where the draft is ok as-is.

That seems sensible to me.

Peter

--
Peter Saint-Andre
https://andyet.com/

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
