On Tuesday, November 17, 2015 02:14:00 pm Ilari Liusvaara wrote: > All current registered/proposed ciphersuites that work in TLS 1.3 are > *-GCM or *-POLY1305 ones (with DHE or ECDHE).
DHE AES CCM is still in the list, even after the changes in the current proposal. ECDHE AES CCM is not as it's not standards track. There's an argument that it should be promoted alongside ECDHE AES GCM, however we're not really recommending CCM so that's probably not desired (and I don't know if it has had enough use to be considered recommended). There will likely also be AES OCB, at some point. On Tuesday, November 17, 2015 02:17:05 pm Viktor Dukhovni wrote: > I'm well aware of that, I'm just wondering whether the "Recommended" > column should cover recommendations for TLS 1.2 as well TLS 1.3? Yes. The following is in the backwards compatibility appendix in the current draft: "If an implementation negotiates use of TLS 1.2, then negotiation of cipher suites also supported by TLS 1.3 SHOULD be preferred, if available." At the end of the day, though, it's just a qualified "SHOULD". We're just talking recommendations. This isn't a diediedie RFC. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
