On Thu, Sep 22, 2016 at 05:19:48PM +0000, BITS Security wrote:
> To: IETF TLS 1.3 Working Group Members
>
> Deprecation of the RSA key exchange in TLS 1.3 will cause significant
> problems for financial institutions, almost all of whom are running
> TLS internally and have significant, security-critical investments in
> out-of-band TLS decryption.
It is not merely deprecated, the whole TLS 1.3 design assumes DH-like key exchange, which RSA key exchange isn't. It has been this way from the earliest designs, which were over 2 years ago. If you are thinking you can have static RSA key exchange in TLS 1.3, you are just plain wasting your time. There will not be static RSA in TLS 1.3. No matter how much "inconvenience" you claim that causes.

Also, security protocol design is hard enough without backdoors. Try to add those and everything will just come apart. In a way that lets the "bad guys" (however you define those) waltz in.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
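The technical point behind the reply, as an added illustration that is not part of the thread and not code from any TLS implementation: with static RSA key exchange, an out-of-band decryptor holding the server's long-term private key recovers the premaster secret from captured traffic alone; with the signed ephemeral DH that TLS 1.3 assumes, the same key only authenticates the server's share, and nothing about the session secret follows from it. The only way to get "out-of-band decryption" back is to export each session's ephemeral exponent from the endpoint, which is the backdoor the reply warns about. The code below uses textbook RSA without padding, toy key sizes, no KDF and no transcript hash; the RFC 2409 group 2 prime is the one real parameter, chosen because it is small enough to embed.

```python
"""Toy model: long-term-key recovery under static RSA vs. signed ephemeral DH.
Constructed illustration only; not TLS, not code from the mailing list."""
import hashlib
import secrets

# RFC 2409 group 2: 1024-bit MODP prime, generator 2. Real deployments use
# larger groups or elliptic curves; this one is small enough to embed here.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin, sufficient for a toy key generator."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Toy RSA keypair: ((n, e), (n, d)). Far too small for real use."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:   # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest(value):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big")


def rsa_sign(priv, value):
    n, d = priv
    return pow(_digest(value), d, n)


def rsa_verify(pub, value, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(value)


# --- static RSA key exchange (TLS <= 1.2) -----------------------------------

def static_rsa_handshake(server_pub):
    """Client picks the premaster secret and encrypts it to the server's
    long-term key. Returns (client's secret, ciphertext seen on the wire)."""
    n, e = server_pub
    premaster = secrets.randbits(368)          # 46 random bytes, as in TLS 1.2
    return premaster, pow(premaster, e, n)


def passive_decrypt_static_rsa(server_priv, ciphertext):
    """Out-of-band decryptor with the server's private key and a capture:
    the premaster falls out directly."""
    n, d = server_priv
    return pow(ciphertext, d, n)


# --- signed ephemeral DH (what TLS 1.3 assumes) ------------------------------

def dhe_handshake(server_priv, server_pub):
    """Server signs a fresh g^x with its long-term key; client replies g^y."""
    x = secrets.randbits(256)
    gx = pow(G, x, P)
    sig = rsa_sign(server_priv, gx)
    if not rsa_verify(server_pub, gx, sig):    # client authenticates the share
        raise ValueError("bad server signature")
    y = secrets.randbits(256)
    gy = pow(G, y, P)
    return {"client": pow(gx, y, P), "server": pow(gy, x, P),
            "wire": (gx, sig, gy), "server_ephemeral": x}


def passive_decrypt_dhe(server_priv, wire):
    """Same decryptor, same long-term key, same capture. d can produce or
    check signatures; it does not invert g^x, and x never touches the wire,
    so there is nothing to recover."""
    gx, sig, gy = wire
    return None


def recover_dhe_with_escrow(server_ephemeral_x, wire):
    """What out-of-band DHE decryption really needs: the server exporting its
    per-session exponent on the side, i.e. an escrow change to the endpoint."""
    gx, sig, gy = wire
    return pow(gy, server_ephemeral_x, P)


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    pm, ct = static_rsa_handshake(pub)
    print("static RSA, key recovered:", passive_decrypt_static_rsa(priv, ct) == pm)
    hs = dhe_handshake(priv, pub)
    print("DHE, key recovered:", passive_decrypt_dhe(priv, hs["wire"]) is not None)
    print("DHE with escrowed x:", recover_dhe_with_escrow(hs["server_ephemeral"], hs["wire"]) == hs["client"])
```

The contrast is the whole argument: under static RSA the long-term key is the session key's confidentiality, so a decryptor with a copy of it is a purely passive observer; under DHE that key is only an authentication credential, so the same box either gets nothing or has to be turned into an active interposer or a key-escrow channel, both of which are protocol-level changes rather than a deployment option.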