On Fri, Sep 23, 2016 at 2:10 PM, BITS Security <bitssecur...@fsroundtable.org> wrote: > we need a better option than TLS 1.2 that will, perhaps sooner than we might > expect, be deprecated.
I'm somewhat confused here. The concern over RSA for key exchange versus DH for key exchange would only seem to apply when the network tapping system has access to the RSA key, right? So the part of this about monitoring the network for external chat and such doesn't really change if the client is using TLS 1.1 or 1.3, as you still can't decrypt the connection just from monitoring, right? If that is true, then it implies that the server is at least somewhat under control of the monitor, so it can support TLS 1.2 as long as needed. TLS 1.0 came out in 1999 and is still now (in 2016) widely deployed. While I hope TLS 1.3 deployment is speedy, I don't forsee browsers dropping TLS 1.2 and earlier support any time soon. Thanks, Peter _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls