John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> writes:

>A more reasonable approach would be to deprecate all cipher suites without
>_ECDHE_.
>
>While the WG is in deprecation mode, please deprecate all non-AEAD cipher
>suites as well. RFC 7540 did this 7.5 years ago...

An even more reasonable approach would be to mandate EMS, EtM, and (and I
realise I'm biased here) LTS, which solve all of the above problems without
having to throw away a bunch of long-standing cipher suites with a massive
existing deployed base.  That's a simple, backwards-compatible tweak to the
deployed base to fix existing problems rather than scrap-it-and-order-a-new-
one to replace existing problems with a new set.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
