On Mon, Aug 31, 2015 at 9:45 AM, Nico Williams <n...@cryptonector.com> wrote:

> On Mon, Aug 31, 2015 at 09:18:34AM -0700, Eric Rescorla wrote:
> > On Mon, Aug 31, 2015 at 9:13 AM, Nico Williams <n...@cryptonector.com> wrote:
> > > I'm not sure how I feel about this.  The idea that we always do a DH key
> > > exchange and always have a server signature means we can greatly reduce
> > > the number of ciphersuites, so that's quite helpful.  We'd have to apply
> > > this to PSK too to make it really worthwhile.
> >
> > Certainly it would be nice to get rid of PSK too but just getting rid of
> > DH_anon makes a non-trivial difference.
>
> How would we get rid of PSK [without DH]?  What would the impact be on
> IoT devices?  Could we have a fake-DH-and-signature PSK scheme to make
> it easy on IoTs?


I guess I wasn't clear: I'm not in favor of getting rid of PSK. I'm saying that
even if we still have PSK, removing DH_anon as an explicit mode makes
things simpler.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
