Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> writes:

>Nobody in the real world employs static DH anymore – in which case this draft
>is useless/pointless

It's not "any more", AFAICT from my inability to find any evidence of the certificates needed for it in 25-odd years it's "nobody has ever used static DH" (with the absence-of-evidence caveat).

>I’m amazed by drafts like this one. Is nothing constructive remains out there
>to spend time and efforts on?

Slow news day? End-of-financial-year clearout? Quota to fill? Someone lost a bet? Could be all sorts of things.

Someone else commented on having seen code to support this, that's just a natural side-effect of having code that supports DH and code that supports certificates, you end up with code that probably supports DH certificates, probably because without ever having seen one to test your code with you can't be 100% sure there isn't some glitch somewhere. For example my code happens to support Elgamal certificates because there's Elgamal code in there for PGP support and so if you use an Elgamal key in a certificate you'll get an Elgamal certificate. As with the DH-cert code it's never been tested because I don't think such a thing as an Elgamal X.509 certificate exists, but in theory there's support for them in there.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls