Hi Nimrod, Thanks for your comments and apologies for the slow response time.
From: Uta <uta-boun...@ietf.org> on behalf of Nimrod Aviram <nimrod.avi...@gmail.com> > Coauthor of draft-bartle-tls-deprecate-ffdhe here (the document is > undergoing reorganization, and the work-in-progress state can be found > here). > > draft-ietf-uta references the deprecate-ffdhe draft as a future TODO > item in Section 6.4. There are a few notable differences between the > recommendations in the two drafts: > > - The draft-ietf-uta lists RSA key exchange as a SHOULD NOT. We've had > similar discussions in the TLS WG, and I argue that RSA should be a > MUST NOT. We've had support for this on the TLS WG. > > - The wording in Section 4.1 of draft-ietf-uta implies that using > finite field DHE cipher suites is generally good practice. Most web > client implementations have dropped support for finite field DHE. > Further, the Introduction of WIP draft-tls-deprecate-obsolete-kex > lists problems affecting finite field DHE, especially when exponents > are reused. These problems are arguably severe enough to make exponent > reuse a MUST NOT. Section 6.4 has both static finite field DH and > exponent reuse as a SHOULD NOT. > > - On a side note, the list of recommended cipher suites in Section 4.2 > is a subset of the recommended cipher suites in the "Intermediate" > configuration in Mozilla's Server Side TLS Guide. Could one of the > authors please explain the rationale for this difference? > > Obviously, my recommendations are reflected in the WIP > draft-tls-deprecate-obsolete-kex: > (please excuse the brevity) > - MUST NOT use (non-ephemeral) DH cipher suites. > - SHOULD NOT use non-ephemeral ECDH. > - Finite field DHE: MUST NOT reuse exponents, MUST use a well-known > group. > - MUST NOT use RSA key exchange. > > I look forward to your responses. > > best, and happy holidays, > Nimrod Please see https://github.com/yaronf/I-D/pull/290 cheers! -- IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
