Re: [TLS] secdir review of draft-ietf-tls-ecdhe-psk-aead-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sorry for the slow reply.

On Fri, May 19, 2017 at 12:58:07PM -0400, Daniel Migault wrote:
> Thank you,
> 
> Your comments have all been addressed. I have one remaining clarification.
> In my text the SHOULD NOT was intended to the ECDHE_PSK in general, and not
> only for the cipher suites of the draft. In your opinion do we clarify
> this, and should we use something else than SHOULD NOT ?

It's somewhat awkward, as what we really want to do is Update RFC
5489 to add this prohibition there.  But, that's more process to
jump through and this document is already at a late stage, so I do
not actually propose doing that.  I would be okay saying

  As such, all ECDHE_PSK ciphers, including those defined outside
  this document, SHOULD NOT be negotiated in TLS versions prior to
  1.2.

to match up with the MUST NOT text we have for these new ciphers.
(Taking into account Martin's text that the prohibition is on
negotiating them, but offering them in a ClientHello that also
offers the old version is okay.)

-Ben




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]