On Sat, Jul 30, 2022 at 12:41 PM Peter Saint-Andre <stpeter@xxxxxxxxxx> wrote:
Hi again,
The authors have conferred on this and at this time we don't think that
we can recommend anything other than EC ciphers, for several reasons:
1. DHE negotiation is broken.
2. Static RSA is out of the question.
3. Post-quantum (PQ) methods aren't ready yet.
Our forecast is that a few years from now the PQ methods will be ready
for recommending in 7525ter, but for now EC is the best we can do.
I agree with the authors on leaving the draft as-is. However, it should also be pointed out that the document delegates this choice to TLS1.3, if it's in use.[0]
So, deployments also have the option to switch to TLS1.3 if a problem arises with EC and TLS1.2, right?
thanks,
Rob
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
