At IETF 119 we had a discussion that static DH certificates lead to a static
key exchange, which is undesirable.  Although the current draft deprecates
static DH ciphersuites, it seems that RFC 5246 allows the client to provide
a certificate with a static DH keypair to provide static parameters in
(EC)DHE in TLS 1.2 (I don't know of any implementations that do this).

Should the draft deprecate these ClientCertificateTypes and mark the
entries (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) as
'D' (discouraged)?

Please respond with any comments on this proposal by April 30, 2024.

Thanks,

Sean, Deirdre and Joe
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
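The fixed-(EC)DH ClientCertificateType values named in the proposal above are advertised by the server in the certificate_types vector of a TLS 1.2 CertificateRequest (RFC 5246 section 7.4.4; the ECDH values come from RFC 8422). The script below is an added example, not part of the original message or of any IETF draft: it parses a CertificateRequest body and reports which of the four discouraged types a server is offering, which is the check an auditor would run against a captured handshake. The code point values are the registered ones; the sample messages are constructed here (the placeholder DistinguishedName is an arbitrary blob, not a real CA name), and the helper names are this example's own.

```python
"""Audit a TLS 1.2 CertificateRequest body for fixed-(EC)DH client
certificate types. Added example; not code from the TLS WG or any draft."""

import struct

# ClientCertificateType code points (RFC 5246 sec. 7.4.4, RFC 8422 sec. 5.5).
CLIENT_CERT_TYPES = {
    1: "rsa_sign",
    2: "dss_sign",
    3: "rsa_fixed_dh",
    4: "dss_fixed_dh",
    64: "ecdsa_sign",
    65: "rsa_fixed_ecdh",
    66: "ecdsa_fixed_ecdh",
}

# Types where the client's (EC)DH share is the long-term key in its
# certificate, so the key exchange is static on the client side.
FIXED_DH_TYPES = {3, 4, 65, 66}


class ParseError(ValueError):
    """Raised for a malformed or truncated CertificateRequest body."""


def parse_certificate_request(body: bytes) -> dict:
    """Parse a CertificateRequest body (the bytes after the 4-byte
    handshake header):
        certificate_types<1..2^8-1>
        supported_signature_algorithms<2^16-1>
        certificate_authorities<0..2^16-1>
    Every length is bounds-checked before it is trusted."""
    off = 0
    if len(body) < 1:
        raise ParseError("truncated certificate_types length")
    n = body[off]; off += 1
    if n == 0 or off + n > len(body):
        raise ParseError("bad certificate_types vector")
    cert_types = list(body[off:off + n]); off += n

    if off + 2 > len(body):
        raise ParseError("truncated supported_signature_algorithms length")
    (n,) = struct.unpack_from("!H", body, off); off += 2
    if n % 2 or off + n > len(body):
        raise ParseError("bad supported_signature_algorithms vector")
    sig_algs = [(body[i], body[i + 1]) for i in range(off, off + n, 2)]
    off += n

    if off + 2 > len(body):
        raise ParseError("truncated certificate_authorities length")
    (n,) = struct.unpack_from("!H", body, off); off += 2
    if off + n != len(body):
        raise ParseError("certificate_authorities length mismatch")
    end = off + n
    cas = []
    while off < end:
        if off + 2 > end:
            raise ParseError("truncated DistinguishedName length")
        (dn_len,) = struct.unpack_from("!H", body, off); off += 2
        if off + dn_len > end:
            raise ParseError("truncated DistinguishedName")
        cas.append(bytes(body[off:off + dn_len])); off += dn_len
    return {"certificate_types": cert_types,
            "signature_algorithms": sig_algs,
            "certificate_authorities": cas}


def fixed_dh_types_offered(body: bytes) -> list:
    """Names of the discouraged fixed-(EC)DH types the server advertised."""
    req = parse_certificate_request(body)
    return [CLIENT_CERT_TYPES.get(t, f"unknown({t})")
            for t in req["certificate_types"] if t in FIXED_DH_TYPES]


def is_wellformed(body: bytes) -> bool:
    """True if the body parses, False on any length error."""
    try:
        parse_certificate_request(body)
        return True
    except ParseError:
        return False


def build_certificate_request(cert_types, sig_algs, cas=()) -> bytes:
    """Encode a CertificateRequest body; used only to construct samples."""
    out = bytes([len(cert_types)]) + bytes(cert_types)
    sa = b"".join(bytes(p) for p in sig_algs)
    out += struct.pack("!H", len(sa)) + sa
    ca_blob = b"".join(struct.pack("!H", len(dn)) + dn for dn in cas)
    return out + struct.pack("!H", len(ca_blob)) + ca_blob


# Constructed samples, not captured traffic. (4,1) is sha256/rsa,
# (4,3) is sha256/ecdsa; the DN is a placeholder blob.
SAMPLE_OK = build_certificate_request([1, 64], [(4, 1), (4, 3)], [b"\x30\x00"])
SAMPLE_FIXED = build_certificate_request([1, 3, 65, 66], [(4, 1)], [b"\x30\x00"])

if __name__ == "__main__":
    for name, msg in (("signing-only", SAMPLE_OK), ("with-fixed-dh", SAMPLE_FIXED)):
        print(name, fixed_dh_types_offered(msg))
```

A server that only wants a signing certificate from the client should advertise rsa_sign, dss_sign or ecdsa_sign; any of the four fixed types in the list is what this proposal would mark discouraged, since the client's certified (EC)DH key is then reused across sessions.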