On 22 July 2015 at 01:50, Kyle Rose <kr...@krose.org> wrote: > I'd like to see the bits of the cipher suite associated entirely with > ephemeral data tied together roughly by security margin
I've seen this argument several times, but there are reasons why you might want a non-homogenous strength profile. The argument for consistency is appealing, but given that the design of TLS is historically[1] vulnerable to the weakest *supported* algorithm as opposed to the weakest *used* algorithm, I am not concerned about ensuring consistency. [1] ... and likely in future, despite our best efforts > The one thing I'm having trouble pinning down is PSK. I fear it's not > a separate dimension, because it replaces both signature and KEX. Yes, this is a problem. I like to think of PSK as KEX with null auth. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
