On Thursday, March 10, 2016 02:41:58 pm Stephen Farrell wrote:
> My question is: Should the WG take the opportunity to more
> tightly define the key exchange parameters for these
> ciphersuites?
>
> For example, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 could
> REQUIRE RSA keys with >=2048 bit moduli and one could go
> further and say that this also REQUIRES use of specific
> integer DH groups. Etc etc.

This is a good idea that I think is likely to be impractical and could greatly hurt adoption, at least with regard to RSA. Requiring only secure (EC)DHE groups, however, I think is probably worth consideration. Both could be dealt with in a single TLS stack update, but requiring better certs is still a pain for entirely too many (hopefully this won't be true for that much longer).

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls