[TLS] Zaheduzzaman Sarker's No Objection on draft-ietf-tls-exported-authenticator-14: (with COMMENT)

2021-04-06 Thread Zaheduzzaman Sarker via Datatracker
Zaheduzzaman Sarker has entered the following ballot position for draft-ietf-tls-exported-authenticator-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

[TLS] Deprecating FFDHE + RSA Key Exchange

2021-04-06 Thread Nimrod Aviram
Dear all, Following the discussion around draft-bartle-tls-deprecate-ffdhe, what are your thoughts on deprecating RSA key exchange, and Finite-Field Diffie-Hellman? (This would probably happen in a separate document.) Considering the following different areas/use cases: 1. On the open Internet/we

Re: [TLS] [Last-Call] Genart last call review of draft-ietf-tls-exported-authenticator-13

2021-04-06 Thread Lars Eggert
Christer, thank you for your review. I have entered a No Objection ballot for this document. Lars
> On 2020-10-28, at 10:29, Christer Holmberg via Datatracker wrote:
>
> Reviewer: Christer Holmberg
> Review result: Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General A

Re: [TLS] Deprecating FFDHE + RSA Key Exchange

2021-04-06 Thread Blumenthal, Uri - 0553 - MITLL
As has been pointed out, TLS is *not* just the Web. And TLS peers are not necessarily browsers. Yes, there are reasons to avoid deprecating FFDHE with RSA signatures on the open Internet (besides that doing it would be silly counterproductive, as not everybody uses ECC). Limiting FFDHE t

[TLS] Éric Vyncke's No Objection on draft-ietf-tls-exported-authenticator-14: (with COMMENT)

2021-04-06 Thread Éric Vyncke via Datatracker
Éric Vyncke has entered the following ballot position for draft-ietf-tls-exported-authenticator-14: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[TLS] Benjamin Kaduk's Yes on draft-ietf-tls-exported-authenticator-14: (with COMMENT)

2021-04-06 Thread Benjamin Kaduk via Datatracker
Benjamin Kaduk has entered the following ballot position for draft-ietf-tls-exported-authenticator-14: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

Re: [TLS] Secdir telechat review of draft-ietf-tls-exported-authenticator-14

2021-04-06 Thread Benjamin Kaduk
Hi Yaron, Thanks for the (multiple!) reviews. My understanding is that the intention is not to allow "server_name" in all CertificateRequests but only specifically in the ClientCertificateRequest case. I think it can be helpful to notate that with a "CR" in the "TLS 1.3" column of the registry b

Re: [TLS] Secdir telechat review of draft-ietf-tls-exported-authenticator-14

2021-04-06 Thread Yaron Sheffer
I fully agree. Thank you Ben! On 4/6/21, 21:43, "Benjamin Kaduk" wrote: Hi Yaron, Thanks for the (multiple!) reviews. My understanding is that the intention is not to allow "server_name" in all CertificateRequests but only specifically in the ClientCertificateRequest case.