On Mar 13, 2018, at 3:20 PM, Ackermann, Michael <mackerm...@bcbsm.com> wrote:
> I think that most Enterprises are not espousing any conversations "how can we
> avoid making any changes?"

With respect, Michael, when I have conversed with you about this in the past,
that is precisely what you have asked for. You do not want to have to change
your operational methodology, and any change to TLS that forces you to change
your operational methodology is unacceptable to you. I understand why that is,
and I sympathize, but let's please be clear that this is your precise goal.

> But we would seek to avoid unnecessary, wholesale, infrastructure
> architectural changes.

There's an easy way to do this, although as a sometime bank security geek I
would strongly advise you to not do it: keep using TLS 1.2.

Of course, you've also explained why that isn't acceptable to you—you are
afraid that the payment card industry will eventually force you to use TLS 1.3,
just as they have, rather ineffectively, tried to insist that you use TLS 1.2.
Now why would they do that?
TLS mailing list