Dear colleagues:
I think this document should absolutely *not* be adopted, without
providing far more technical justification. The quoted Raccoon attack is
an easy to mitigate attack (which has nothing to do with finite field
groups, just with poor design choices of postprocessing, where one uses
variable-size integer representations for a key). There are also good
reasons to have key exchanges where one of the parties has a static key,
whether ecc-based or ff-based (e.g., sni, opaque), for which secure
implementations are known. No detail is provided and that alone should
be sufficient reason to not adopt.
Rene
On 2021-07-29 5:50 p.m., Joseph Salowey wrote:
This is a working group call for adoption for Deprecating FFDH(E)
Ciphersuites in TLS (draft-bartle-tls-deprecate-ffdhe-00
<https://datatracker.ietf.org/doc/draft-bartle-tls-deprecate-ffdhe/>).
We had a presentation for this draft at the IETF 110 meeting and since
it is a similar topic to the key exchange deprecation draft the chairs
want to get a sense if the working group wants to adopt this draft
(perhaps the drafts could be merged if both move forward). Please
review the draft and post your comments to the list by Friday, August
13, 2021.
Thanks,
The TLS chairs
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
--
email: rstruik....@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
