Within an enterprise that believes they need this kind of packet-capture-decode thing, what are the other benefits of TLS 1.3? They can already use good ciphers. They save the cost of not uplifting existing infrastructure. They lose 0-RTT early-data, which when viewed globally seems like a reasonable trade-off.
I am much more cynical about the value of opt-in. I mean, what are you expecting users to agree to? And globally, what infinitesimal portion of the Web population can make an informed choice? And often there is no choice – one of the advocates here is from a statewide insurance company. So what is compelling about TLS 1.3 after you take away forward secrecy? I really want to hear an answer to that question from folks who say they need TLS 1.3 but without it.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls