On Friday, October 09, 2015 12:49:02 pm Viktor Dukhovni wrote:
> I think this is "too clever" (a "hack" not a design) and offers

Every fix to an issue in this 20-year-old protocol will be a hack.

> incomplete protection (does nothing to protect RSA key transport).

Better than none, for a very low cost.

> So I do not support adoption of this proposal.
>
> If new attacks against TLS 1.0--1.2 emerge that enable MITM via
> version downgrade combined with use of weaker algorithms, then
> we'll just have to prohibit those weaker algorithms in TLS 1.3
> servers (and possibly also clients).

Those changes are harder to make than they should be, unless we want to do that now.

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls