- From: Brian Smith <brian@briansmith.org>
- Date: Tue, 11 Nov 2014 18:38:36 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Nov 11, 2014 at 6:03 PM, Mark Nottingham <mnot@mnot.net> wrote:
> Not explicit here but implied (and seemingly not controversial) were #1 (making all cipher suite requirements specific to TLS 1.2), #3 (keep the required interop suite as mandatory to deploy) and #4 (Clarify that cipher suite requirements apply to deployments, not impl).

To clarify #3 and #4: If a server only has an ECDSA certificate, then it shouldn't be required to (and in fact, cannot) implement TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. I believe that TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 should be mandatory if the certificate is RSA and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 if the certificate is ECDSA, because that is implying that having an RSA certificate is mandatory, and that's not good.

Also, as a practical matter, in a few years it is likely to be the case that TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is the most interoperable cipher suite for servers to support, because Windows 7's SChannel supports it, but Windows 7's SChannel does not support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. And, in practice, all browsers that support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 also support TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

Cheers,
Brian
Received on Wednesday, 12 November 2014 02:39:03 UTC
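The certificate-dependent reading of the "mandatory to deploy" rule argued for in the message, as an added example that is not part of the thread or of any HTTP/2 draft text: it derives the authentication algorithm from a cipher suite name, reports which mandatory suite is missing for each certificate type a deployment actually has, and flags enabled suites that can never be negotiated because no matching certificate exists. The deployment descriptions are constructed sample input.

```python
import re

# TLS 1.2 suite names follow TLS_[<kx>_]<auth>_WITH_<bulk>_<hash>. For the
# certificate-authenticated suites the <auth> token is the key type the
# server certificate must have (RSA or ECDSA); static RSA has no <kx> token.
SUITE_RE = re.compile(r"^TLS_(?:(?P<kx>[A-Z]+)_)?(?P<auth>RSA|ECDSA)_WITH_.+$")

# The rule proposed in the message: the mandatory AEAD suite follows the
# certificate's key type instead of being pinned to RSA.
MANDATORY_BY_CERT = {
    "RSA": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ECDSA": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}


def auth_algorithm(suite):
    """Certificate key type a suite requires, or None (PSK, anon, unknown)."""
    m = SUITE_RE.match(suite)
    return m.group("auth") if m else None


def check_deployment(cert_key_types, enabled_suites):
    """Check one deployment: the key types of its certificates plus the
    suites it has enabled. 'missing' lists mandatory suites absent for a
    certificate type that is present; 'unusable' lists enabled suites whose
    required certificate type is not deployed, so they can never be chosen."""
    certs = set(cert_key_types)
    enabled = set(enabled_suites)
    missing = sorted(MANDATORY_BY_CERT[c] for c in certs
                     if MANDATORY_BY_CERT[c] not in enabled)
    unusable = sorted(s for s in enabled
                      if auth_algorithm(s) is not None
                      and auth_algorithm(s) not in certs)
    return {"missing": missing, "unusable": unusable,
            "ok": not missing and not unusable}


if __name__ == "__main__":
    # Constructed sample: an ECDSA-only server that copied a generic RSA
    # suite list. The RSA GCM suite is dead weight; the ECDSA one satisfies
    # the requirement for the certificate it actually holds.
    print(check_deployment(["ECDSA"],
                           ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"]))
    # Constructed sample: dual-certificate server that forgot the ECDSA suite.
    print(check_deployment(["RSA", "ECDSA"],
                           ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]))
```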