On 25 May 2017 at 00:04, Daniel Migault <daniel.miga...@ericsson.com> wrote:
> B) It is not true as TLS1.3 enables these cipher suites to be negotiated
> with TLS1.3.

You can't negotiate the new suites with 1.3, but you can offer them in
case the server picks 1.2. Joe's proposal fixes this and other
errors.

>> You don't anywhere state that TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
>> means to use AEAD_AES_128_GCM (and the same for the other
>> ciphersuites). I mention this because the order in which the AEAD
>> algorithms are mentioned is different to the order of the ciphersuites
>> in the list.
>>
>
> Unless I miss your comment, I believe the section 3 already addresses it. If
> not please let me know what text you would like to see.
>
> """
> 3. ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites
>
> The cipher suites defined in this document are based on the AES-GCM
> and AES-CCM Authenticated Encryption with Associated Data (AEAD)
> algorithms AEAD_AES_128_GCM, AEAD_AES_256_GCM and AEAD_AES_128_CCM
> defined in [RFC5116], and AEAD_AES_128_CCM_8 defined in [RFC6655].
>
> """

You miss my comment. This does not prevent someone from deciding that
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 should use AEAD_AES_128_CCM_8.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls