> What is happening from our perspective is choice is being removed and an > adequate replacement has (seemingly) not been identified.
So far I've seen two alternatives mentioned. Monitor at the endpoint, and use TLS 1.2. (You already have the PFS issue with TLS 1.1 and beyond). Not everything the IETF does will drop seamlessly into all enterprise deployments. But hey, at least you're not running SNA networks any more :) -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls