Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> writes:

>I do not support deprecation, because there will be deployed devices (IoT,
>SCADA) that aren’t upgradable – and the new stuff will have to access them.

It's actually much worse than just SCADA, there are deployments in things like
wholesale banking where the semi-deprecation of DH suites has led to them
falling back to RSA instead.  This pointless removal of FFDHE, while it'll be
written as MUST NOT FFDHE, will actually be MUST RSA in some environments.

In other words not only will it not make things any more secure, it'll make
some things much, much less secure.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
