> On Jun 12, 2018, at 4:15 PM, Ben Personick <ben.person...@iongroup.com> wrote:
>
> We are currently evaluating when to begin offering ECC Certificates based
> crypto on our websites.
>
> Despite the advantages to doing this in TLS 1.2, there is a lot of push-back
> to wait until we “have to support it” once the TLS 1.3 draft is published,
> and the option to use it becomes available.

I am puzzled why you feel you have to support ECC certificates with TLS 1.3, and yet not for TLS 1.2? RSA certificates continue to be supported in TLS 1.3, and ECDSA certificates are well supported in TLS 1.2.

Are you referring to deploying ECC certificates in your server software, or interoperating with ECC servers in your client software?

If the latter, then indeed you should start to support servers that can only present ECDSA, rather than RSA, certificates. And do so with both TLS 1.2 and TLS 1.3; it is not clear why you'd wait for TLS 1.3 to be published. (We can party when it comes out, but that should not IMHO hold up implementations of ECDSA support).

--
Viktor.
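
An added example, not part of the original thread: a local check that a server holding only an ECDSA certificate completes a handshake under TLS 1.2 as well as TLS 1.3. It assumes the `openssl` CLI is on PATH to create a throwaway lab certificate; the function names `make_ecdsa_cert` and `handshake` are hypothetical.

```python
import os
import ssl
import subprocess
import tempfile

def make_ecdsa_cert(workdir):
    """Constructed lab input: throwaway self-signed P-256 cert via the openssl CLI."""
    key, crt = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "ec",
         "-pkeyopt", "ec_paramgen_curve:prime256v1", "-nodes",
         "-keyout", key, "-out", crt, "-subj", "/CN=localhost", "-days", "1"],
        check=True, capture_output=True)
    return crt, key

def handshake(crt, key, version):
    """Handshake over memory BIOs pinned to one TLS version; returns (protocol, cipher)."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(crt, key)          # ECDSA is the only certificate offered
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.check_hostname = False             # lab cert has no subjectAltName
    cli.load_verify_locations(crt)         # pin the self-signed cert as trust anchor
    for ctx in (srv, cli):
        ctx.minimum_version = ctx.maximum_version = version
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    peers = [cli.wrap_bio(c_in, c_out, server_hostname="localhost"),
             srv.wrap_bio(s_in, s_out, server_side=True)]
    pending = list(peers)
    for _ in range(10):                    # bounded: a handshake needs only a few flights
        for peer in list(pending):
            try:
                peer.do_handshake()
                pending.remove(peer)
            except ssl.SSLWantReadError:
                pass                       # waiting for the other side's flight
        for src, dst in ((c_out, s_in), (s_out, c_in)):
            data = src.read()
            if data:
                dst.write(data)            # shuttle bytes between the two endpoints
    if pending:
        raise RuntimeError("handshake did not complete")
    return peers[0].version(), peers[0].cipher()[0]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        crt, key = make_ecdsa_cert(d)
        for v in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
            print(handshake(crt, key, v))
```

Under TLS 1.2 the negotiated suite is an ECDHE-ECDSA one because the suite name carries the certificate type; TLS 1.3 suite names do not, since the certificate type is negotiated separately there.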