Hi all,
After thinking about this a little more, I think we should keep the
draft generic and not make it SCRAM specific. While I generally agree
with Jonathan's defense-in-depth strategy, there is also value in having
a direct replacement for tls-unique that can be substituted in
everywhere tls-u
Sorry for the confusion I caused.
HKDF is part of SP 800-56C. NIST says that what TLS 1.3 does isn't quite the
same, and therefore will not be covered by 56C. NIST wants to get TLS 1.3
validated for FIPS, and is currently trying to figure out how to do so. The
comment period for 56C closes Fr
On Sat, May 9, 2020 at 9:08 AM Salz, Rich
wrote:
>
> Sorry for the confusion I caused.
>
> HKDF is part of SP 800-56C. NIST says that what TLS 1.3 does isn't quite
the same, and therefore will not be covered by 56C. NIST wants to get TLS
1.3 validated for FIPS, and is currently trying to figure o
Rich,
Check out SP 800-52r2. Section 3.1 includes the following:
servers … should be configured to negotiate TLS 1.3.
and
Agencies shall support TLS 1.3 by January 1, 2024.
“should” and “shall” are defined in RFC 2119. One could make the case that you
are already there ;} If not, then I’m goi
FYI: This PR has been merged.
Best,
Chris, on behalf of the chairs
On Mon, May 4, 2020, at 10:08 AM, Christopher Wood wrote:
> Thanks, Alessandro! We'll aim to merge this PR on Friday. We ask that
> folks review it before then.
>
>https://github.com/tlswg/draft-ietf-tls-md5-sha1-deprecate/
