On Thu, Dec 22, 2022 at 05:56:50AM +0000, Peter Gutmann wrote:

> John Mattsson <john.mattsson=40ericsson....@dmarc.ietf.org> writes:
> 
> >A more reasonable approach would be to deprecate all cipher suites without
> >_ECDHE_.
> >
> >While the WG is in deprecation mode, please deprecate all non-AEAD cipher
> >suites as well. RFC 7540 did this 7.5 years ago...
> 
> An even more reasonable approach would be to mandate EMS, EtM, and (and I
> realise I'm biased here) LTS, which solve all of the above problems without
> having to throw away a bunch of long-standing cipher suites with massive
> existing deployed base.  That's a simple, backwards-compatible tweak to the
> deployed base to fix existing problems rather than scrap-it-and-order-a-new-
> one to replace existing problems with a new set.

Indeed, and, more generally, we get much better security outcomes by
making it clear which new things are MTI and must be preferred by
updated implementations so that they're negotiated whenever supported by
both ends.

The products that already don't want to use the old ciphers don't need
deprecations to convince them to drop support for FFDHE.  Products that
need to remain long-term interoperable can still continue to offer
FFDHE when the peer does not support ECDHE.

Is there a compelling reason to intervene?

-- 
    Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
