In the situation you've described, they've been told they shouldn't use RSA either, so clearly it doesn't matter to them what we've deprecated or not. We should deprecate insecure algorithms; the fact that there's a spectrum of insecurity among deprecated algorithms does not detract from the fact that they are all best avoided.
On Wed, Dec 14, 2022 at 3:07 AM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Nimrod Aviram <nimrod.avi...@gmail.com> writes:
>
> >Let me clarify that the document also has RSA as a MUST NOT.
> >
> >So there will be no reason to read this document and switch from FFDHE to
> >RSA.
>
> If you tell people they can't have A but they can't have B either then they're
> going to have to choose one of the two in order to communicate, and in (at
> least some) banking it's RSA, the most insecure option there is, because
> they've been told they shouldn't use DHE.
>
> Peter.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls