> On Nov 9, 2018, at 11:52 AM, Yoav Nir <ynir.i...@gmail.com> wrote: > >> Nor have I, and I rather think that introducing fixed-(EC)DH ciphers into >> TLS was a mistake, and glad to see them gone in TLS 1.3. > > FWIW RFC 8422 also deprecates them for TLS 1.2 and earlier. Great! Thanks. I see that in: 5.5. Certificate Request https://tools.ietf.org/html/rfc8422#section-5.5 Mind you, as that text is in the context of "Certificate Request" some might not read to understand that they're also deprecated for the server certificate, but we can hope that'll be understood implicitly. -- Viktor. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- Re: [TLS] Certificate keyUsage enforce... Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enf... David Benjamin
- Re: [TLS] Certificate keyUsage enf... Geoffrey Keating
- Re: [TLS] Certificate keyUsage... Viktor Dukhovni
- Re: [TLS] Certificate keyU... Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Certificate... Peter Gutmann
- Re: [TLS] Certifi... Viktor Dukhovni
- Re: [TLS] Certifi... Peter Gutmann
- Re: [TLS] Certifi... Viktor Dukhovni
- Re: [TLS] Certifi... Yoav Nir
- Re: [TLS] Certifi... Viktor Dukhovni
- Re: [TLS] Certifi... Tony Putman
- Re: [TLS] Certifi... Viktor Dukhovni
- Re: [TLS] Certifi... Andrei Popov
- Re: [TLS] Certificate keyUsage enforce... Martin Rex
- Re: [TLS] Certificate keyUsage enf... Viktor Dukhovni
- Re: [TLS] Certificate keyUsage... Peter Gutmann
- Re: [TLS] Certificate keyU... Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Certificate keyUsage enforcement ... Nikos Mavrogiannopoulos