I opened a PR to address this in the document - https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/12
This updates the IANA considerations section to say: "This document requests IANA to mark the cipher suites listed in {{appendix-dh}}, {{appendix-ecdh}}, {{appendix-dhe}} and in {{appendix-rsa}} as "D" in the "Recommended" column, see {{I-D.ietf-tls-rfc8447bis}}, in the "TLS Cipher Suites" registry."

On Mon, Apr 22, 2024 at 6:21 AM Hubert Kario <hka...@redhat.com> wrote:

> On Monday, 15 April 2024 19:30:29 CEST, Joseph Salowey wrote:
> > At IETF 119 we had discussion on how to mark the ciphersuites
> > deprecated by draft-ietf-tls-deprecate-obsolete-kex in the IANA
> > Registry. At the meeting there was support for ('D' means
> > discouraged):
> >
> > RSA ciphersuites should be marked with a "D"
> > FFDH ciphersuites should be marked with a "D"
> > FFDHE ciphersuites should be marked with a "D"
> > ECDH ciphersuites should be marked with a "D"
> >
> > This aligns with the deprecation intent of the draft. The draft
> > states ECDH are a SHOULD NOT instead of a MUST NOT, but the
> > sentiment was they should be generally discouraged.
> >
> > Please respond with any comments on this proposal by April 30, 2024.
>
> I still don't like deprecating/discouraging/SHOULD NOTing FFDHE, but
> I'm still for the proposal, and OK with using "D" for marking in IANA.
> --
> Regards,
> Hubert Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org