On Thursday, July 23, 2015 12:00:34 pm Viktor Dukhovni wrote:
> On Thu, Jul 23, 2015 at 11:43:45AM -0400, Dave Garrett wrote:
> > Plus, "MUST" use DHE or ECDHE for ALL connections, even back to TLS 1.0,
> > or abort with a fatal error.
>
> Who's going to police the Internet to remove all the legacy services?

I'm not proposing a non-PFS diediedie RFC; just that no TLS 1.3+ server should ever be willing to negotiate non-PFS. (again, with very limited possible exceptions)

I was probably unclear, but I'm primarily talking about server-side here, as it was a reply to a server-side issue. Clients SHOULD only be negotiating PFS, but I think servers MUST only negotiate PFS.

> Exchange 2003 has a broken 3DES implementation. The only working
> ciphersuites are RC4-SHA/RC4-MD5.

RC4 already got a diediedie RFC. If their 3DES stays broken, and nothing better is available, it's already considered illegitimate to continue using. Also, I don't care. It is not the role of the TLS 2015 WG to work around bugs in abandoned software from 12 years ago.

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls