> There are both public and private sector regulators arcing towards being
> more prescriptive in this area. It is possible, if not likely, in the not
> too distant future that my member companies will not have the choice to
> "downgrade" to "obsolete" TLS versions.
>
> Note: the standards track document says it "Obsoletes: RFC 5246" which is
> TLS 1.2. That's a signal that may prove difficult to divert in this rapidly
> evolving threat and regulatory environment.
Then the industry will have to explain to its regulators that the latest version of the standard prevents them from doing what is required, in the way that it was, apparently, traditionally done. You can intercept and monitor TLS 1.3, but it must be done at one of the endpoints, not via a passive intermediary watching traffic. We removed that capability because of the threat of national-scale actors doing such things on a global basis.

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
