I opened a PR to update the document to mark the static DH client certificate types as SHOULD NOT - https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/15/files
The basic change is the addition of the following in Section 2 "In addition, to avoid the use of non-ephemeral Diffie Hellman, clients SHOULD NOT use use and server SHOULD NOT accept certificates with fixed DH parameters. These certificate types are rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh and ecdsa_fixed_ecdh. These values only apply to TLS versions of 1.2 and below." On Tue, Apr 23, 2024 at 11:03 AM Rob Sayre <say...@gmail.com> wrote: > On Tue, Apr 23, 2024 at 8:35 AM David Benjamin <david...@chromium.org> > wrote: > >> I'll add that if we're wrong and someone *does* need these, it is all >> the more important that we communicate our intentions! The current >> situation is that we have effectively deprecated this by not adding a way >> to use those certificates in TLS 1.3, but we forgot to say so. A >> hypothetical deployment relying on these certificates would be unable to >> migrate to TLS 1.3, but may not realize it yet if they're slow to upgrade. >> > > It's not hypothetical. I found relatively recent manuals describing how to > configure them. I didn't read the source code, it was right there in the > web page documentation. > > I agree with what David says, and I can't really see why anyone would > object if someone wants to do the work. > > thanks, > Rob > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
