On Fri, Dec 07, 2018 at 07:14:17AM +0000, Peter Gutmann wrote:
> It depends on what those resources are, at one end you've got proper DHE with
> a full modexp required, at the other end if you can fake it with something as
> lightweight as a mod-add or similar it's essentially free while defeating
> DHE-reuse detection.

Fair.

> I appreciate that people feel strongly about this, and I support the idea of
> non-ephemeral DHE detection in principle [0] (along with many, many other
> measures to strengthen TLS), but this draft reads a lot like the IETF blowing
> raspberries at ETSI.

That's my take as well.

However, the possibility of detecting stuck RNGs like the Debian OpenSSL
debacle of ten years ago is interesting. Still, it's more complexity for
clients.

Nico
--

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls