From 7d6947817351a01ff1bf1aeac594510a454b3465 Mon Sep 17 00:00:00 2001 From: Joe Salowey Date: Wed, 8 May 2024 11:04:02 -0700 Subject: [PATCH] mark DH certs as D --- draft-ietf-tls-deprecate-obsolete-kex.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/draft-ietf-tls-deprecate-obsolete-kex.md b/draft-ietf-tls-deprecate-obsolete-kex.md index 5fd841e..5ce2244 100644 --- a/draft-ietf-tls-deprecate-obsolete-kex.md +++ b/draft-ietf-tls-deprecate-obsolete-kex.md @@ -263,6 +263,8 @@ Note that TLS 1.0 and 1.1 are deprecated by {{!RFC8996}} and TLS 1.3 does not support ECDH {{!RFC8446}}.) This includes all cipher suites listed in the table in {{appendix-ecdh}}. +In addition, to avoid the use of non-ephemeral Diffie Hellman, clients SHOULD NOT use use and server SHOULD NOT accept certificates with fixed DH parameters. These certificate types are rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh and ecdsa_fixed_ecdh. These values only apply to TLS versions of 1.2 and below. + # Ephemeral Finite Field Diffie Hellman {#dhe} Clients MUST NOT offer and servers MUST NOT select FFDHE cipher suites in TLS 1.2 connections. @@ -284,6 +286,13 @@ Note that all cipher suites listed in {{appendix-dh}} and in {{appendix-rsa}} are already marked as not recommended in the registry. +This document also requests IANA to populate a "D" in the recommended column of the TLS ClientCertificateType Identifiers for the following certificate types: + +- rsa_fixed_dh (3) +- dss_fixed_dh (4) +- rsa_fixed_ecdh (65) +- ecdsa_fixed_ecdh (66) + # Security Considerations {#sec-considerations} Non-ephemeral finite field DH cipher suites (TLS_DH_\*), as well as ephemeral key reuse