On Thursday, December 03, 2015 03:47:52 pm Yoav Nir wrote:
> Wouldn’t it be better to mandate that if your TLS implementation supports
> both TLS 1.2 and TLS 1.3 it should take actions necessary to mitigate the
> Bleichenbacher attack?
>
> In fact, if you don’t care much about very old browsers, isn’t it possible
> today to mandate that the TLS implementation not use RSA keying? That way the
> oracle is gone.
>
> Seems better than requiring web server administrators to acquire two
> certificates.

A draft of the simple solution:
https://github.com/davegarrett/tls13-spec/commit/edeed6e90c177df6670935fceea69e14b3951e53

Dave