Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-20 Thread Ben Personick
PM To: Ben Personick Cc: TLS WG Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > On Jun 19, 2018, at 11:17 AM, Ben Personick > wrote: > > Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d > been led to believe that all RSA based ciphers were n

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-20 Thread Ilari Liusvaara
On Tue, Jun 19, 2018 at 03:17:26PM +, Ben Personick wrote: > Hi Rich, > Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d > been led to believe that all RSA based ciphers were not supported. > > Having seen some further responses, it appears it is only the NON ECDH

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Martin Rex
Ben Personick wrote: > > (My apology for the long email, I did not have time to write a shorter one) > We are currently evaluating when to begin offering ECC Certificates > based crypto on our websites. > > Despite the advantages to doing this in TLS 1.2, there is a lot of > push-back to wait un

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Viktor Dukhovni
> On Jun 19, 2018, at 11:17 AM, Ben Personick > wrote: > > Yes, I meant ECDHE_ECDSA and ECDHE_RSA are both supported in TLS 1.3, I’d > been led to believe that all RSA based ciphers were not supported. > > Having seen some further responses, it appears it is only the NON ECDHE RSA > Ba

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Ben Personick
From: Salz, Rich [mailto:rs...@akamai.com] Sent: Tuesday, June 19, 2018 11:07 AM To: Ben Personick ; TLS WG Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > Since TLS 1.3 will continue to allow ecdsa_rsa ciphers, there will be no > push to move towards offering them, because of v

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Salz, Rich
> Since TLS 1.3 will continue to allow ecdsa_rsa ciphers, there will be no > push to move towards offering them, because of various 'reasons'. I think you mean ECDH with RSA. But yes, that’s a common situation, few organizations pay to add security until they’re “forced” to do so. You’re not

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-19 Thread Hubert Kario
ot influence it > Ben > > > From: Viktor Dukhovni > Sent: Monday, June 18, 2018 12:32 > To: Ben Personick > Cc: TLS WG > Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > > > On Jun 18, 2018, at 9:10 AM, Ben Personick > > wrote: > >

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Viktor Dukhovni
> On Jun 18, 2018, at 3:12 PM, Ben Personick wrote: > > So essentially TLS 1.3 drops support for DH/DHE ciphers on RSA keys, but > will otherwise work as expected? No, it drops support for *non* (EC)DHE RSA ciphers, keeping *only* the (EC)DHE RSA ciphers, for specific FFDHE groups (as befor

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Ben Personick
Hello Tony, So essentially TLS 1.3 drops support for DH/DHE ciphers on RSA keys, but will otherwise work as expected? Ben From: Tony Arcieri Sent: Monday, June 18, 2018 11:36 To: Ben Personick Cc: Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 On

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Ben Personick
'. Ben From: Viktor Dukhovni Sent: Monday, June 18, 2018 12:32 To: Ben Personick Cc: TLS WG Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > On Jun 18, 2018, at 9:10 AM, Ben Personick wrote: > > There is a common thread circulating, that all support for RSA > Certificat

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Tony Arcieri
On Mon, Jun 18, 2018 at 12:12 PM Ben Personick wrote: > So essentially TLS 1.3 drops support for DH/DHE ciphers on RSA keys, but > will otherwise work as expected? > DH/DHE ciphers are orthogonal to RSA key transport/encipherment. The latter uses the RSA algorithm for encryption, without any

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Viktor Dukhovni
> On Jun 18, 2018, at 9:10 AM, Ben Personick wrote: > > There is a common thread circulating, that all support for RSA > Certificates/Ciphers are dropped in TLS 1.3. This is not the case. > As I wrote in the last email, I am aware we can implement ECC certs and > ciphers in TLS 1.2, along

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Tony Arcieri
On Mon, Jun 18, 2018 at 6:30 AM Ben Personick wrote: > There is a common thread circulating, that all support for RSA > Certificates/Ciphers are dropped in TLS 1.3. > RSA certificates will continue to work in TLS 1.3+. What will not be supported in TLS 1.3+ is RSA key transport / key encipherme

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Ben Personick
Hello Sean Thanks for the explanation. :) Ben From: Sean Turner Sent: Saturday, June 16, 2018 11:04 PM To: Ben Personick Cc: tls@ietf.org Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > On Jun 12, 2018, at 16:15, Ben Personick wrote: > >

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-18 Thread Ben Personick
Cc: tls@ietf.org Subject: Re: [TLS] Mail regarding draft-ietf-tls-tls13 > On Jun 12, 2018, at 4:15 PM, Ben Personick wrote: > > We are currently evaluating when to begin offering ECC Certificates based > crypto on our websites. > > Despite the advantages to doing this in TLS

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-16 Thread Viktor Dukhovni
> On Jun 12, 2018, at 4:15 PM, Ben Personick wrote: > > We are currently evaluating when to begin offering ECC Certificates based > crypto on our websites. > > Despite the advantages to doing this in TLS 1.2, there is a lot of push-back > to wait until we “have to support it” once the TLS 1

Re: [TLS] Mail regarding draft-ietf-tls-tls13

2018-06-16 Thread Sean Turner
> On Jun 12, 2018, at 16:15, Ben Personick wrote: > > I have read some articles saying the draft is approved, but on looking it > seems not to be, I am a little unsure why the draft has been stuck in this > seemingly nearly finished but not quite ready state for 3 months. The draft has bee

[TLS] Mail regarding draft-ietf-tls-tls13

2018-06-16 Thread Ben Personick
Dear Sirs at the IETF, (My apology for the long email, I did not have time to write a shorter one) We are currently evaluating when to begin offering ECC Certificates based crypto on our websites. Despite the advantages to doing this in TLS 1.2, there is a lot of push-back to wait until we "h