On 2 June 2016 at 08:56, Eric Rescorla <e...@rtfm.com> wrote: >> (Although, do we actually get the stronger protection if the client >> accepts plain RSA key exchange? I've never been very clear on that. >> Realistically, clients will be accepting plain RSA for a long while.) > > > Yes, that's correct. I don't believe we have a good plan for plain RSA.
The best plan involves lots and lots of fire. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls