Sorry for the slow reply. On Fri, May 19, 2017 at 12:58:07PM -0400, Daniel Migault wrote: > Thank you, > > Your comments have all been addressed. I have one remaining clarification. > In my text the SHOULD NOT was intended to the ECDHE_PSK in general, and not > only for the cipher suites of the draft. In your opinion do we clarify > this, and should we use something else than SHOULD NOT ? It's somewhat awkward, as what we really want to do is Update RFC 5489 to add this prohibition there. But, that's more process to jump through and this document is already at a late stage, so I do not actually propose doing that. I would be okay saying As such, all ECDHE_PSK ciphers, including those defined outside this document, SHOULD NOT be negotiated in TLS versions prior to 1.2. to match up with the MUST NOT text we have for these new ciphers. (Taking into account Martin's text that the prohibition is on negotiating them, but offering them in a ClientHello that also offers the old version is okay.) -Ben