On Fri, Jul 14, 2023 at 04:53:42PM +0300, Nimrod Aviram wrote:

> There are a few valid arguments, from yourself and others here, to soften
> the prescription regarding FFDHE from MUST NOT to SHOULD NOT, or similar.

The formulation I would choose would be:

- MUST prefer ECDHE key exchange, when supported, over FFDHE key exchange.
- MUST prefer FFDHE key exchange, when supported, over RSA key exchange.

> That's a reasonable position to take, but at this stage I guess the
> discussion is mostly around the presentation and structure of the document.

That's a shame, because the goal surely isn't to punish the users of legacy systems, but rather to encourage the use of preferred alternatives.

A narrow section of the user base may well want to refuse to communicate with the aid of any of the legacy algorithms; they already have that option. For the rest, I think rfc7435's emphasis on raising the ceiling is better aligned with security goals than efforts to raise the floor.

Yes, I am well aware that sometimes we also need to raise the floor (e.g. drop support for SSLv2). I am not convinced this is such a situation.

--
Viktor.