Thanks! Both points sound good to me. I pushed these changes to the main branch. I guess we'll wait to accumulate more (hopefully small) changes before publishing a new version.

thanks,
Nimrod

On Thu, 21 Sept 2023 at 18:24, Thomas Fossati <thomas.foss...@linaro.org> wrote:

> Hi,
>
> Maybe I am completely confused but it also looks like the "SHOULD NOT
> non-ephemeral ECDH" (second para of §2) is already in the "general
> guidelines" of RFC9325.
>
> If you want to reiterate the point (which is good), you could just
> reference it?
>
> cheers, t
>
> On Thu, 21 Sept 2023 at 17:13, Thomas Fossati <thomas.foss...@linaro.org> wrote:
> >
> > Hi,
> >
> > It looks like the requirements in §2 and §3 regarding FFDH(E) update
> > the guidance given in RFC9325 (i.e., SHOULD NOT => MUST NOT).
> >
> > I guess this must be reflected in the "Updates" header.
> >
> > cheers, thanks
> > t
> >
> > On Thu, 21 Sept 2023 at 10:22, <internet-dra...@ietf.org> wrote:
> > >
> > > Internet-Draft draft-ietf-tls-deprecate-obsolete-kex-03.txt is now available.
> > > It is a work item of the Transport Layer Security (TLS) WG of the IETF.
> > >
> > >    Title:   Deprecating Obsolete Key Exchange Methods in TLS 1.2
> > >    Authors: Carrick Bartle
> > >             Nimrod Aviram
> > >    Name:    draft-ietf-tls-deprecate-obsolete-kex-03.txt
> > >    Pages:   20
> > >    Dates:   2023-09-21
> > >
> > > Abstract:
> > >
> > >    This document deprecates the use of RSA key exchange and Diffie
> > >    Hellman over a finite field in TLS 1.2, and discourages the use of
> > >    static elliptic curve Diffie Hellman cipher suites.
> > >
> > >    Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and
> > >    1.1 are deprecated by [RFC8996] and TLS 1.3 either does not use the
> > >    affected algorithm or does not share the relevant configuration
> > >    options.
> > >
> > > The IETF datatracker status page for this Internet-Draft is:
> > > https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/
> > >
> > > There is also an HTML version available at:
> > > https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-03.html
> > >
> > > A diff from the previous version is available at:
> > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-deprecate-obsolete-kex-03
> > >
> > > Internet-Drafts are also available by rsync at:
> > > rsync.ietf.org::internet-drafts
> > >
> > > _______________________________________________
> > > TLS mailing list
> > > TLS@ietf.org
> > > https://www.ietf.org/mailman/listinfo/tls