Section 2, Sentence 3: If you accept the above change, I would suggest changing “The Load Balancer uses ephemeral (EC)DH for connections from external Browsers over the Internet, to provide Forward Secrecy on those connections that are exposed to third-party monitoring.” to “The Load Balancer uses ephemeral (EC)DH key pairs with the standard TLS 1.3 handshake for connections from external Browsers over the Internet, to provide Forward Secrecy on those connections that are exposed to third-party monitoring.”
In this suggested change, I’ve debated whether to suggest using “(EC)DH” or (EC)DHE”. The TLS 1.3 spec reference to ephemeral mode of Diffie-Hellman key exchange as “(EC)DHE”.
rdroms
commented
7 years ago
From Paul Turner:
Section 2, Sentence 3: If you accept the above change, I would suggest changing “The Load Balancer uses ephemeral (EC)DH for connections from external Browsers over the Internet, to provide Forward Secrecy on those connections that are exposed to third-party monitoring.” to “The Load Balancer uses ephemeral (EC)DH key pairs with the standard TLS 1.3 handshake for connections from external Browsers over the Internet, to provide Forward Secrecy on those connections that are exposed to third-party monitoring.”
In this suggested change, I’ve debated whether to suggest using “(EC)DH” or (EC)DHE”. The TLS 1.3 spec reference to ephemeral mode of Diffie-Hellman key exchange as “(EC)DHE”.