
Re: [TLS] Re: NIST TLS recommendations



Bodo Moeller <bmoeller@xxxxxxx> writes:

>This is exactly right, however it certainly is reasonable to add some
>language to the specification that points out that these ciphersuites should
>*usually* not be enabled.  Here is a proposal for A.5.

Isn't this just posturing though?  Since people are currently doing DH_anon
via DHE, it's not going to make much difference whether DH_anon is enabled or
not.  Or should the text include a note to say that current practice is to do
DH_anon via DHE, so enabling DH_anon isn't worth the bother and you may as
well leave it disabled?

(I'm not terribly fussed about this, people are going to program FORTRAN no
matter what language you give them, but it'd be nice if the spec at least
acknowledged current practice in order to guide both implementors and users).

Peter.


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls