Following the discussions around draft-bartle-tls-deprecate-ffdh and draft-aviram-tls-deprecate-obsolete-kex, and after consulting the chairs, we have merged the two drafts into draft-aviram-tls-deprecate-obsolete-kex.
The merged draft prescribes the following: RSA key exchange is a MUST NOT. NIST PQC API is Key Encapsulation – conceptually similar to RSA key exchange. Non-ephemeral finite-field DH is a MUST NOT. Overkill, and unnecessary. Should be SHOULD NOT. Non-ephemeral ECDH is a SHOULD NOT. OK. Ephemeral finite-field DH (DHE) is a MAY, only when fully ephemeral, and only using a well-known group of size at least 2048 bits. Overkill, though requiring sufficiently large group size is fine. We added greater justification for point 3 above to address concerns previously raised on the list. We'd love to hear your thoughts. best wishes, Carrick and Nimrod
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls