The IESG has received a request from the Transport Layer Security WG (tls) to consider the following document: - 'Deprecating Obsolete Key Exchange Methods in TLS 1.2' <draft-ietf-tls-deprecate-obsolete-kex-05.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-c...@ietf.org mailing lists by 2025-04-28. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document deprecates the use of RSA key exchange and Diffie Hellman over a finite field in TLS 1.2, and discourages the use of static elliptic curve Diffie Hellman cipher suites. Note that these prescriptions apply only to TLS 1.2 since TLS 1.0 and 1.1 are deprecated by RFC 8996 and TLS 1.3 either does not use the affected algorithm or does not share the relevant configuration options. This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932, 5288, 6209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/ No IPR declarations have been submitted directly on this I-D. The document contains these normative downward references. See RFC 3967 for additional information: rfc6209: Addition of the ARIA Cipher Suites to Transport Layer Security (TLS) (Informational - Internet Engineering Task Force (IETF) stream) rfc6367: Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) (Informational - Internet Engineering Task Force (IETF) stream) _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
