On Mar 13, 2018, at 6:16 PM, Russ Housley <hous...@vigilsec.com> wrote:
> This is a bogus argument.

I'm pretty sure there's a Monty Python skit about this, so I won't belabor the 

> First, staying with an old protocol version often leads to locking in 
> unmaintained versions of old software.

Right, that's one of the stated goals of this work: to be able to continue to 
use software that the operator can't upgrade.

> Second, using TLS1.2 does not technically address the issue.  If the client 
> were to exclusively offer DHE-based ciphersuites, then the visibility 
> techniques that have been used in the past are thwarted.

The client in this case is under the control of the operator, so this is a 

TLS mailing list

Reply via email to