On Mon, Mar 8, 2021 at 10:16 PM John Mattsson <john.mattsson= 40ericsson....@dmarc.ietf.org> wrote:
> Brian Smith wrote:
> > Deprecating FFDHE key exchange without deprecating RSA key exchange will substantially increase the usage of RSA key exchange and thus make server key compromise more dangerous. At a minimum, RSA key exchange should be deprecated at the same time, in the same document.
>
> Deprecating static RSA and everything else that does not have PFS is long overdue. RFC 7540 did this 6 years ago, and it was not a day too late. Strange that the best TLS profiling was/is done by HTTPBIS.

That is strange.

> Viktor Dukhovni wrote:
> > In practice security improves more when you raise the ceiling, rather than the floor.
>
> Let’s start with mandating support of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for the remaining TLS 1.2 implementations. RFC 7540 did this 6 years ago, and it was not a day too late.

I don't understand the motivation. Why not deprecate all of the RSA cipher suites?

thanks,
Rob
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
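As an added illustration of the fallback effect Brian Smith describes (this is not code from the thread or from any IETF document): the script classifies IANA TLS 1.2 suite names by key-exchange family, then simulates what a constructed legacy client that lacks ECDHE ends up negotiating under two deprecation policies. It assumes server-preference selection and uses constructed suite lists.

```python
import re

# The suite the thread proposes as mandatory-to-implement for TLS 1.2.
MANDATORY_SUITE = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

# IANA naming: TLS_<kex>[_<auth>]_WITH_<cipher>_<hash>
_KEX = re.compile(r"^TLS_(?P<kex>.+?)_WITH_")

def key_exchange(suite):
    """Classify a TLS 1.2 suite name by its key-exchange family."""
    m = _KEX.match(suite)
    if not m:
        return "other"                   # e.g. TLS 1.3 names carry no kex
    kex = m.group("kex")
    if kex.startswith("ECDHE"):
        return "ECDHE"                   # ephemeral ECDH: forward secret
    if kex.startswith("DHE"):
        return "FFDHE"                   # ephemeral finite-field DH: forward secret
    if kex.startswith("RSA"):
        return "static-RSA"              # premaster secret encrypted to the server key
    return "other"                       # static (EC)DH, anon, SRP, ...

def forward_secret(suite):
    return key_exchange(suite) in ("ECDHE", "FFDHE")

def apply_policy(server_prefs, deprecate):
    """Remove every server suite whose key-exchange family is deprecated."""
    return [s for s in server_prefs if key_exchange(s) not in deprecate]

def negotiate(server_prefs, client_offer):
    """Server-preference selection; None means the handshake fails."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)

# Constructed sample configuration (hypothetical server and client).
SERVER_PREFS = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]
LEGACY_CLIENT = [                        # no ECDHE support
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]

def outcome(deprecate):
    """(negotiated suite, is it forward secret) for the legacy client."""
    chosen = negotiate(apply_policy(SERVER_PREFS, deprecate), LEGACY_CLIENT)
    return chosen, (chosen is not None and forward_secret(chosen))

if __name__ == "__main__":
    for policy in ({"FFDHE"}, {"FFDHE", "static-RSA"}):
        print(sorted(policy), "->", outcome(policy))
```

Deprecating FFDHE alone silently moves the legacy client onto static RSA; deprecating both in the same document makes the loss of forward secrecy a visible handshake failure instead.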