Hiya, This is ready to go but I've one question. Sorry I don't recall if this was discussed previously, if it was, then just say and I'll move this along to IETF LC.
My question is: Should the WG take the opportunity to more tightly define the key exchange parameters for these ciphersuites? For example, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 could REQUIRE RSA keys with >=2048 bit moduli and one could go further and say that this also REQUIRES use of specific integer DH groups. Etc etc. Getting all that agreed might take a wee while, so if the answer is "nah, no thanks, we don't want to do that here," that's fine and I'll just start IETF LC. I guess another way to handle that might be to say that these ciphersuites REQUIRE that all relevant restrictions from BCP195 be enforced. That'd maybe ensure the public key stuff is all at good strength, but doing so might not be so effective, in terms of trying to ensure these ciphersuites aren't used with e.g. short RSA keys. Whatchacha think? Cheers, S.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
