Hi Sean, just to make sure that I properly understand the question: You are suggesting to remove the DHE support but not the ECDHE support from the 0-RTT exchange.
Removing the DHE support is fine for us (at ARM) since we are focused on ECDHE for IoT devices. The DTLS/TLS profile and other IETF specifications very much focused on ECDHE and do not consider the use of DHE. Ciao Hannes On 03/29/2016 03:11 PM, Sean Turner wrote: > All, > > To make sure we’ve got a clear way forward coming out of our BA > sessions, we need to make sure there’s consensus on a couple of > outstanding issues. So... > > There also seems to be (rougher) consensus not to support 0-RTT via > DHE (i.e., semi-static DHE) in TLS 1.3 at this time leaving the only > 0-RTT mode as PSK. The security properties of PSK-based 0-RTT and > DHE-based 0-RTT are almost identical, but 0-RTT PSK has better > performance properties and is simpler to specify and implement. Note > that this does not permanently preclude supporting DHE-based 0-RTT in > a future extension, but it would not be in the initial TLS 1.3 RFC. > > If you think that we should keep DHE-based 0-RTT please indicate so > now and provide your rationale. > > J&S > > _______________________________________________ TLS mailing list > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
