> I think the blanket prohibition of reuse of ECDHE keys is maybe not really > justified.
Why is that? > IMO that's the part that should have deprecation of RSA cipher suites done at > the same time. RSA seems to me to be too off-topic for this draft. (It also seems to me that RSA is still too widely used and not broken enough to merit deprecation.) If you think this draft requires that RSA key exchange also be deprecated, that could be done in a parallel draft. > On Mar 8, 2021, at 4:23 PM, Brian Smith <br...@briansmith.org> wrote: > > Brian Smith <br...@briansmith.org <mailto:br...@briansmith.org>> wrote: > It is sad that nobody is willing to discuss the obvious downsides of this > proposal as written, which should at least be mentioned in the security > considerations. Without discussing the downsides we're reducing engineering > to politics. If we discuss the downsides then we can substantially improve > the proposal. > > To clarify: the RFC is about deprecating non-ephemeral cipher suites and > reusing keys in implementing the ephemeral cipher suites. I don't know of any > practical issues with the RFC as written, although I think the blanket > prohibition of reuse of ECDHE keys is maybe not really justified. > > The proposal that I'm saying needs to be improved is the proposal of > deprecating the ephemeral FFDHE cipher suites at the same time. IMO that's > the part that should have deprecation of RSA cipher suites done at the same > time. > > Cheers, > Brian > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
