On Wed, Dec 9, 2015 at 8:44 AM, Sean Turner <s...@sn3rd.com> wrote:
> On Dec 05, 2015, at 10:43, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> >
> > On Sat, Dec 05, 2015 at 11:32:40PM +0800, Xuelei Fan wrote:
> >> Hi,
> >>
> >> Anyone know why the negotiated FFDHE draft hangs in MISSREF state for more
> >> than 180 days?
> >>
> >> http://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/
> >
> > Normatively depends on the false-start draft that isn't sent to the
> > RFC-Editor yet.
> >
> > The specification itself is done and all the needed codepoints have
> > been assigned.
>
> I haven't seen any comments on the 01 version so I'm checking with Bodo to
> see if he got any off-list comments. If not, we'll get the WGLC started.
The FF-DHE draft should be reset so that it specifies new cipher suite IDs for TLS_DHE_* cipher suites with the same semantics as the current TLS_DHE_* cipher suites, but with the requirement that the FF-DHE extension is present (for TLS 1.2 and earlier versions).

As predicted long ago, the current design of this extension doesn't make sense because it doesn't allow a client to require a strong DHE key and at the same time maintain compatibility with sites that use weak DHE keys when DHE cipher suites are offered, but which would use a strong non-DHE cipher suite if DHE cipher suites are not offered.

Additionally, because of the Microsoft SChannel AES-GCM bug from last year, it is very difficult to deploy a client that uses TLS-DHE-AES-GCM or TLS-AES-GCM cipher suites. This is more motivation for the proposal in the previous paragraph.

If the current proposal goes ahead unmodified, I suspect most implementers will be forced to ignore it and simply turn off TLS_DHE cipher suites completely. That's what Apple Safari did, what Google Chrome appears to be doing, and also what Firefox partially did. If the goal is really to deprecate TLS_DHE cipher suites completely, then the wording of the draft should be made much simpler and more direct to that effect.

Cheers,
Brian
--
https://briansmith.org/
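The interoperability problem Brian describes, modelled as an added simulation (editor's example, not code from the thread or from any TLS implementation): a client that enforces a minimum DH group size negotiates against a legacy server that prefers DHE with a 1024-bit custom group and ignores the FFDHE extension. The cipher-suite names, the hypothetical `_FFDHE` suite ID standing in for the proposed new codepoints, and the group sizes are constructed for illustration.

```python
# Constructed simulation of the negotiation problem described in the thread.
# Suite names, the hypothetical DHE_FF codepoint and group sizes are illustrative.
from dataclasses import dataclass

DHE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"          # existing codepoint
DHE_FF = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256_FFDHE"  # hypothetical new ID (proposal)
ECDHE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
MIN_DHE_BITS = 2048       # client policy: reject DH groups smaller than this
NAMED_GROUP_BITS = 2048   # size of the named FFDHE group an aware server would use

@dataclass
class Server:
    suites: list       # server preference order
    dhe_bits: int      # size of its own (custom) DH group
    knows_ffdhe: bool  # implements the negotiated-FFDHE extension

def negotiate(server, client_suites, client_sends_ffdhe):
    # Server picks its most-preferred suite that the client also offered.
    for suite in server.suites:
        if suite not in client_suites:
            continue
        if suite == DHE:
            # A legacy server ignores the extension and uses its own group.
            if server.knows_ffdhe and client_sends_ffdhe:
                return suite, NAMED_GROUP_BITS
            return suite, server.dhe_bits
        if suite == DHE_FF:
            # Only extension-aware servers know this ID, so the group is always named.
            return suite, NAMED_GROUP_BITS
        return suite, None  # non-DHE suite: no DH group involved
    return None, None

def client_outcome(server, client_suites, client_sends_ffdhe):
    suite, bits = negotiate(server, client_suites, client_sends_ffdhe)
    if suite is None:
        return "handshake_failure"
    if bits is not None and bits < MIN_DHE_BITS:
        return "abort_weak_dh"  # client enforces its minimum and must abort
    return "ok:" + suite

def run_scenarios():
    legacy = Server([DHE, ECDHE], dhe_bits=1024, knows_ffdhe=False)
    return {
        # Current draft: offering DHE plus the extension still lands on the weak group.
        "draft_with_dhe": client_outcome(legacy, [DHE, ECDHE], True),
        # Dropping DHE entirely is what makes the site work again.
        "draft_no_dhe": client_outcome(legacy, [ECDHE], False),
        # Proposal: the legacy server never selects the unknown ID and falls to ECDHE.
        "proposal": client_outcome(legacy, [DHE_FF, ECDHE], True),
    }
```

Against an extension-aware server the hypothetical `DHE_FF` suite negotiates the named 2048-bit group, so the client keeps strong DHE where it is available and still reaches the legacy site over ECDHE.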
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls