Thanks for the good comments during the meeting. This new version should
take care of them all:
- Updated the PRF and ECC curves for the AES-256 cipher suites.
- Included SHA_256 and SHA_384 in the cipher suite names.
- Made it clear which security considerations apply. For the PSK
aspects, I
(no hats and all that)
On 25/07/15 06:46, Viktor Dukhovni wrote:
> I hope, that by ~2017, RC4 will no longer be required either, and
> we'll be able to disable RC4 in Postfix at that time.
Seems to me that should be a reasonable match for expecting to see
TLS1.3 getting deployed in lots of parts
> On 25/07/15 06:46, Viktor Dukhovni wrote:
>> I hope, that by ~2017, RC4 will no longer be required either, and
>> we'll be able to disable RC4 in Postfix at that time.
>
> Seems to me that should be a reasonable match for expecting to see
> TLS1.3 getting deployed in lots of parts of the mail i
To be clear: TLS 1.3 does not support RC4.
The only question is whether it's legal to concurrently offer RC4 with TLS
1.3
for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC
even though TLS 1.3 does not support it.) I am trying to work through this
myself, as the interactions wit
Andrei proposes two changes in https://github.com/tlswg/tls13-spec/pull/209
The first expands the ways in which a server can identify
certificates. This is fine. I do wonder whether we can remove
CertificateType entirely for TLS 1.3 though (that can be done
separately).
The second is worrisome.
On 25 July 2015 at 16:13, Eric Rescorla wrote:
> The only question is whether it's legal to concurrently offer RC4 with TLS
> 1.3
> for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC
> even though TLS 1.3 does not support it.) I am trying to work through this
> myself, as the in
> And the strategies vary. It might be that we don't need to worry about this,
> because we might have widely disabled RC4 by the time TLS
> 1.3 ships.
"we" meaning browsers. "we" not being everyone who will use TLS 1.3
Ekr has pointed out a problem; if you connect with a protocol range and pr
On 25 July 2015 at 17:48, Salz, Rich wrote:
> "we" meaning browsers. "we" not being everyone who will use TLS 1.3
>
> Ekr has pointed out a problem; if you connect with a protocol range and
> proffer RC4, can we do anything about it except point out multiple times that
> 1.3 servers MUST NOT ac
On Sat, Jul 25, 2015 at 06:54:36AM +, Salz, Rich wrote:
> > What we cannot yet turn off is RC4.
>
> Then do not use TLS 1.3
Actually, we can use TLS 1.3, just not with peers that only do RC4.
Provided the 1.3 servers don't do anything actively hostile and
terminate the handshake when they
On Sat, Jul 25, 2015 at 07:01:42PM +0200, Martin Thomson wrote:
> On 25 July 2015 at 17:48, Salz, Rich wrote:
> > "we" meaning browsers. "we" not being everyone who will use TLS 1.3
> >
> > Ekr has pointed out a problem; if you connect with a protocol range and
> > proffer RC4, can we do anythi
I'm pretty sure some/all of this was likely mentioned elsewhere, but I don't
see any discussion on-list. (it was mentioned in part of the IETF 93 recording
I watched as this whole topic needing to go to the list, as well) There's also
related TODOs in the draft on this topic. Here's a start to t
On Saturday, July 25, 2015 01:18:49 pm Viktor Dukhovni wrote:
> I would go further, and say that "prohibiting RC4" in any sense
> that is more than prohibiting its use as the final outcome of a
> handshake would be a rather counter-productive strategy.
>
> Servers and clients are strongly encourag
On Sat, Jul 25, 2015 at 02:53:17PM -0400, Dave Garrett wrote:
> 3) Just to state the obvious: If a client is going to do PSK resumption
> with a non-PFS suite, it needs to offer a non-PFS suite.
Forward-secrecy is not about doing or not doing DHE/ECDHE; those
are just means to an end. Forward-sec
On Sat, Jul 25, 2015 at 8:53 PM, Dave Garrett
wrote:
> I'm pretty sure some/all of this was likely mentioned elsewhere, but I
> don't see any discussion on-list. (it was mentioned in part of the IETF 93
> recording I watched as this whole topic needing to go to the list, as well)
> There's also r
On Sat, Jul 25, 2015 at 03:00:54PM -0400, Dave Garrett wrote:
> On Saturday, July 25, 2015 01:18:49 pm Viktor Dukhovni wrote:
> > I would go further, and say that "prohibiting RC4" in any sense
> > that is more than prohibiting its use as the final outcome of a
> > handshake would be a rather coun