On Mon, Aug 30, 2021 at 10:47 AM Salz, Rich <rs...@akamai.com> wrote:

> By “obsolete keyex draft” you mean expired, right?

[Joe] I mean this draft - draft-aviram-tls-deprecate-obsolete-kex-00 (the
subject of the other adoption call).  There were several comments that we
should merge the two drafts.  Since draft-bartle-tls-deprecate-ffdh-00 and
the expired draft-bartle-tls-deprecate-ffdhe-00 are similar, I would expect
we would merge content from draft-bartle-tls-deprecate-ffdh-00 into
draft-aviram-tls-deprecate-obsolete-kex-00 with perhaps some additional
text on certificates with static keys.


> I am in favor of MUST NOT have a certificate with DH keys.  So yes to 1. I
> think #2 is unenforceable/undetectable, but would be happy to be convinced
> otherwise.  So I’m unsure about #2.
>
> But yes, let’s adopt and merge in the expired keyex draft and then argue
> over it.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
