On Mon, Dec 1, 2014 at 10:57 PM, Brian Smith <[email protected]> wrote:
> Peter Saint-Andre - &yet <[email protected]> wrote:
> > OLD
> > <snip>
> >
> >    o There are no protocol mechanisms to negotiate the DH groups or
> >      parameter lengths supported by client and server.
> >
> >    o Many servers choose DH parameters of 1024 bits or fewer.
> >
> >    o There are widely deployed client implementations that reject
> >      received DH parameters if they are longer than 1024 bits.
> >
> > NEW
> > <snip>
> >
> >    o There are no protocol mechanisms to negotiate the DH groups or
> >      parameter lengths supported by client and server.
> >
> >    o There are widely deployed client implementations that reject
> >      received DH parameters if they are longer than 1024 bits. In
> >      addition, several implementations do not perform appropriate
> >      validation of group parameters and are vulnerable to attacks
> >      referenced in section 2.9 of [UTA-Attacks]."
> >
> > I don't agree with removing the second bullet, but the rest seems relatively
> > uncontroversial to me.
>
> Peter,
>
> I believe that Joe's suggested text was written before the second
> bullet was added. The second bullet was added during this final WGCL
> in response to a request by myself. In other words, this is just a
> merge conflict, which is best resolved by merging the second bullet
> into Joe's suggested text.
>

[Joe] I'm OK with the second bullet. I'm not sure if it was not there when I reviewed it or if I left it out for no good reason I can think of.

> Cheers,
> Brian
>
> _______________________________________________
> Uta mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/uta
>
