On Oct 22, 2017, at 4:48 PM, Steve Fenter <[email protected]> wrote:

> The main problem with not addressing the TLS visibility issue now is that no
> one knows when a vulnerability will be discovered in TLS 1.2 that forces
> enterprises to upgrade to TLS 1.3. We've had guarantees that TLS 1.2 and the
> RSA key exchange are going to be fine for 5 to 10 years, but nobody knows
> that, particularly in today's security environment.
Implicit in this assertion is the claim that these organizations could switch quickly to TLS 1.3, but in fact we know that it's been very difficult for them to make the switch from 1.1 to 1.2, and in many cases they haven't done it. So this isn't really at all persuasive. But even if it were persuasive, it still wouldn't be a good argument. TLS is a complicated protocol that does far more than is required for the use case we are talking about. It would be better to use a simpler protocol with a smaller attack surface. So why not get started on that now, instead of trying to weaken TLS 1.3?
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
