I opened a PR to address this in the document -
https://github.com/tlswg/draft-deprecate-obsolete-kex/pull/12

This updates the IANA considerations section to say:

"This document requests IANA to mark the cipher suites listed in
{{appendix-dh}}, {{appendix-ecdh}}, {{appendix-dhe}} and in
{{appendix-rsa}} as "D" in the "Recommended" column, see
{{I-D.ietf-tls-rfc8447bis}}, in the "TLS Cipher Suites" registry."

On Mon, Apr 22, 2024 at 6:21 AM Hubert Kario <hka...@redhat.com> wrote:

> On Monday, 15 April 2024 19:30:29 CEST, Joseph Salowey wrote:
> > At IETF 119 we had discussion on how to mark the ciphersuites
> > deprecated by draft-ietf-tls-deprecate-obsolete-kex in the IANA
> > Registry. At the meeting there was support for ('D' means
> > discouraged):
> >
> > RSA ciphersuites should be marked with a "D"
> > FFDH ciphersuites should be marked with a "D"
> > FFDHE ciphersuites should be marked with a "D"
> > ECDH ciphersuites should be marked with a "D"
> >
> > This aligns with the deprecation intent of the draft. The draft
> > states ECDH are a SHOULD NOT instead of a MUST NOT, but the
> > sentiment was they should be generally discouraged.
> >
> > Please respond with any comments on this proposal by April 30, 2024.
>
> I still don't like deprecating/discouraging/SHOULD NOTing FFDHE, but
> I'm still for the proposal, and OK with using "D" for marking in IANA.
> --
> Regards,
> Hubert Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
>
>
_______________________________________________
TLS mailing list -- tls@ietf.org