Re: [TLS] Re: NIST TLS recomendations

[Bodo Moeller <bmoeller@xxxxxxx>]

On Thu, Nov 02, 2006 at 11:17:01AM +0200, Pasi.Eronen@xxxxxxxxx wrote:

>> This is exactly right, however it certainly is reasonable to add some
>> language to the specification that points out that these ciphersuites
>> should *usually* not be enabled.  Here is a proposal for A.5.
>> 
>>    The following cipher suites are used for completely anonymous
>>    Diffie- Hellman communications in which neither party is
>>    authenticated. Note that this mode is vulnerable to
>>    man-in-the-middle attacks.  Using this mode therefore is
>>    deprecated: These ciphersuites MUST NOT be used by TLS 1.1
>>    implementations unless the application layer has specifically
>>    requested to allow anonymous key exchange.  [...]

> I'm not sure if "deprecated" is the right word to use; at least to me
> it suggests that the feature is obsolete, and users should not expect
> it to be supported in the future.
> 
> This is not the case here: DH_anon ciphersuites are just a feature
> with very special and limited use cases [...]

True.  "Using this mode therefore is of limited use: These
ciphersuites MUST NOT be used by TLS 1.2 implementations unless ..."?

Bodo

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls