Re: Concluding discussion on #612 (9.2.2)

On Oct 8, 2014, at 11:37 AM, Brian Smith <brian@briansmith.org> wrote:
> 
>> - It is confusing, especially some of the examples confuse instead of clarify
>>  (the mentions of AEAD and AES-GCM are the worst[3]). And getting these
>>  things wrong causes interop problems.
> 
> I agree that the attempts to clarify in 9.2.2 that AEAD cipher suites
> and AES-GCM are acceptable seem to be having the
> opposite-from-intended effect on clarifying things.
> 
>> - It wrongly assumes DHE and ECDHE are the only PFS key exchanges.
> 
> Do you have a suggestion for improving that?

Yes, require TLS 1.3, or alternatively a revision to TLS 1.2 that introduces a 3, 4 version, and 1.3 becomes 3, 5 :)

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

Received on Wednesday, 8 October 2014 19:23:56 UTC