+1 for forbidding more old crap. Lack of forward secrecy should imply at least NOT RECOMMENDED.
Does it make sense to forbid things for TLS 1.0 and TLS 1.1 when we soon have an RFC forbidding use of TLS 1.0 and TLS 1.1?

Cheers,
John

-----Original Message-----
From: TLS <tls-boun...@ietf.org> on behalf of Martin Thomson <m...@lowentropy.net>
Date: Monday, 8 March 2021 at 16:34
To: "TLS@ietf.org" <tls@ietf.org>
Subject: [TLS] Regarding draft-bartle-tls-deprecate-ffdhe

Well overdue. We should do this.

The title "Deprecating FFDH(E) Ciphersuites in TLS" doesn't seem to match the document content. I only see static or semi-static DH and ECDH key exchange being deprecated (in the document as non-ephemeral).

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls