Ted: I do not follow.
>> This is a bogus argument. > > I'm pretty sure there's a Monty Python skit about this, so I won't belabor > the point. I'll avoid asking how many sparrows are needed ;-) >> First, staying with an old protocol version often leads to locking in >> unmaintained versions of old software. > > Right, that's one of the stated goals of this work: to be able to continue to > use software that the operator can't upgrade. No, the enterprise wants to use maintained server implementations. >> Second, using TLS1.2 does not technically address the issue. If the client >> were to exclusively offer DHE-based ciphersuites, then the visibility >> techniques that have been used in the past are thwarted. > > The client in this case is under the control of the operator, so this is a > non-issue. In some cases, the client in the load balancer is under the control of the enterprise. In other cases, the client is in the customer browser, and opt-in is very significant. Russ
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls