Hi all,
I would like to state up front that I am not disputing the sentence
"Implementations MUST support TLS 1.2 [RFC5246]." If that's consensus, I
guess I'm just in the rough, and at least the text covering implementations
is much more encouraging than I expected.
But the document is still not
Hi Peter,
Thank you for your comments and sorry for the delayed response.
The abstract of the Racoon paper mentions TLS-DH(E) five times, so clearly the
authors believe it applies to both TLS-DH and DHE. I think the disconnect is
that Racoon is about public key reuse which you would characteriz
Peter Saint-Andre writes:
>Given that we already discuss these matters in Section 7.4, I don't see the
>need for additional text.
The issue that I pointed out is in section 4.1, "General Guidelines", while
what you're referring to is buried in the security considerations right at the
end. What'
On 8/3/22 12:07 AM, Peter Gutmann wrote:
Peter Saint-Andre writes:
Hi Cullen, having looked more closely at the text that's already in 7525bis,
I have a few questions inline...
Me too, specifically in regard to the "DHE negotiation is broken" comment.
The draft says:
However, TLS 1.2
Peter Saint-Andre writes:
>Hi Cullen, having looked more closely at the text that's already in 7525bis,
>I have a few questions inline...
Me too, specifically in regard to the "DHE negotiation is broken" comment.
The draft says:
However, TLS 1.2 implementations SHOULD
NOT negotiate
Hi Cullen, having looked more closely at the text that's already in
7525bis, I have a few questions inline...
On 8/1/22 4:18 PM, Peter Saint-Andre wrote:
On 8/1/22 2:58 PM, Cullen Jennings wrote:
On Jul 30, 2022, at 1:40 PM, Peter Saint-Andre
wrote:
Hi again,
The authors have conferred
On 8/1/22 2:58 PM, Cullen Jennings wrote:
On Jul 30, 2022, at 1:40 PM, Peter Saint-Andre wrote:
Hi again,
The authors have conferred on this and at this time we don't think that we can
recommend anything other than EC ciphers, for several reasons:
1. DHE negotiation is broken.
Perhaps a
> On Jul 30, 2022, at 1:40 PM, Peter Saint-Andre wrote:
>
> Hi again,
>
> The authors have conferred on this and at this time we don't think that we
> can recommend anything other than EC ciphers, for several reasons:
>
> 1. DHE negotiation is broken.
Perhaps a bit more explanation in the d
