On Thu, Dec 14, 2017 at 05:05:37PM -0800, Colm MacCárthaigh wrote: > But I do think the question > is worth having an answer for. I think we *do* need to prepare for turning > off AES, there's always a chance we might have to.
Even nastier dependency: SHA-2. If that breaks, currently both TLS 1.2 and 1.3 break. There are no alternatives defined. Yes, sure SHA-2 has taken a lot of cryptoanalysis without serious trouble (I think one reason for starting SHA-3 process was preceived weakness in SHA-2, that later turned out not to be the case). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
