Ack, of course. My views are the same tho.
From: Joseph Salowey <j...@salowey.net>
Date: Monday, August 30, 2021 at 2:32 PM
To: Rich Salz <rs...@akamai.com>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Adoption call for Deprecating FFDH(E) Ciphersuites in TLS

On Mon, Aug 30, 2021 at 10:47 AM Salz, Rich <rs...@akamai.com> wrote:

By “obsolete keyex draft” you mean expired, right?

[Joe] I mean this draft - draft-aviram-tls-deprecate-obsolete-kex-00 (the subject of the other adoption call). There were several comments that we should merge the two drafts. Since draft-bartle-tls-deprecate-ffdh-00 and the expired draft-bartle-tls-deprecate-ffdhe-00 are similar I would expect we would merge content from draft-bartle-tls-deprecate-ffdh-00 into draft-aviram-tls-deprecate-obsolete-kex-00 with perhaps some additional text on certificates with static keys.

I am in favor of MUST NOT have a certificate with DH keys. So yes to 1. I think #2 is unenforceable/undetectable, but would be happy to be convinced otherwise. So I’m unsure about #2. But yes, let’s adopt and merge in the expired keyex draft and then argue over it.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls