David Benjamin <david...@chromium.org> writes:

>[*] From the conclusion of the paper: "The most straightforward mitigation
>against the attack is to remove support for TLS-DH(E) entirely, as most major
>client implementations have already stopped supporting them"

Just as you need to automatically add "in mice" to the end of any announcement of a new medical result, so you also need to add "on the web" to the end of any pronouncement about TLS. This only applies to the special bubble of the web.

For other situations, the effect of banning DHE will be to force everyone to move to RSA. I've already seen this in payments processing applications, instead of using the secure-unless-you-implement-it-really-badly DHE they use the almost-impossible-to-do-securely RSA, because someone has told them not to use DHE. So a blanket ban of DHE will lead to a net loss in security.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls