On 12/01/2014 09:33 PM, Peter Saint-Andre - &yet wrote: > > o There are no protocol mechanisms to negotiate the DH groups or > parameter lengths supported by client and server.
Well, it's not finished with standardization or deployment yet, but there is: https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe I agree that implementations lacking this mechanism have a good reason to avoid using finite field DH. fwiw, i suspect we should also the term "finite field Diffie-Hellman cipher suites" instead of "modular Diffie-Hellman cipher suites", since elliptic curves are also modular. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
