On Sat, Jul 30, 2022 at 12:41 PM Peter Saint-Andre <stpe...@stpeter.im>
wrote:

> Hi again,
>
> The authors have conferred on this and at this time we don't think that
> we can recommend anything other than EC ciphers, for several reasons:
>
> 1. DHE negotiation is broken.
>
> 2. Static RSA is out of the question.
>
> 3. Post-quantum (PQ) methods aren't ready yet.
>
> Our forecast is that a few years from now the PQ methods will be ready
> for recommending in 7525ter, but for now EC is the best we can do.
>

I agree with the authors on leaving the draft as-is. However, it should
also be pointed out that the document delegates this choice to TLS1.3, if
it's in use.[0]

So, deployments also have the option to switch to TLS1.3 if a problem
arises with EC and TLS1.2, right?

thanks,
Rob

[0]
https://datatracker.ietf.org/doc/html/draft-ietf-uta-rfc7525bis#section-4.3
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
