On Wed, Sep 16, 2015 at 01:20:37PM -0700, Brian Smith wrote:
> I think it is a good idea to remove DH_anon_* and similar ECDH_anon_*
> cipher suites.
>
> This isn't an endorsement of the raw public key modes.

Sure, one can always use self-signed certs (at an even higher cost to do anonymity). If we're going to raise the cost of anonymity for the sake of simplicity in TLS 1.3, do let's try to keep that cost from escalating. Raw public keys are not a large additional complexity cost.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls