On Wednesday, 21 December 2022 19:13:36 CET, Rob Sayre wrote:
On Wed, Dec 21, 2022 at 5:59 AM Hubert Kario <hka...@redhat.com> wrote:

Telling people that they shouldn't use the only things they can use means...

Well, I'd be curious to know what the use cases are.

The stuff Uri Blumenthal already mentioned: software and hardware that has
lifetimes measured in decades.

But I would also say this might be enough:

https://www.rfc-editor.org/rfc/rfc9325#name-cipher-suites-for-tls-12

The IETF already says using this is not best current practice, so that's enough for me. A deprecation draft (which I do favor) would just be another document that makes the point. Rough consensus, as they say.

I'm fine with "SHOULD NOT", I'm opposed to "MUST NOT".
I also have no problem with saying that "servers MUST NOT reuse key shares"
and with "servers MUST NOT use parameters smaller than 2048 bits".
I don't even have a problem with "servers SHOULD use well known parameters or
safe primes as FFDHE parameters".

What I'm against is blanket forbidding of FFDHE in TLSv1.2.

--
Regards,
Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
