Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread John Levine
In article you write: >On 01/05/2020 22:35, Eric Rescorla wrote: >> On Mon, Apr 27, 2020 at 2:04 AM tom petch wrote: >>> and I am unclear whether or not TLS 1.3 will gain widespread use in the >>> Internet, with HTTP, SMTP and such like. >> >> >> I don't know about SMTP, but TLS 1.3 has *alread

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Eric Rescorla
On Fri, May 1, 2020 at 4:43 PM Keith Moore wrote: > On 5/1/20 6:48 PM, Eric Rescorla wrote: > > On Thu, Apr 30, 2020 at 7:59 PM Keith Moore > wrote: > >> People do not always have the luxury of upgrading their clients and >> servers to versions that support the recent TLS. Some legacy hardwar

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Keith Moore
On 5/1/20 6:48 PM, Eric Rescorla wrote: On Thu, Apr 30, 2020 at 7:59 PM Keith Moore mailto:mo...@network-heretics.com>> wrote: People do not always have the luxury of upgrading their clients and servers to versions that support the recent TLS. Some legacy hardware has firmwa

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Eric Rescorla
On Fri, May 1, 2020 at 10:47 AM wrote: > > IMO RFC7525 and this new draft both suffer from dubious assumptions and > > make poor recommendations because of those assumptions. In particular, > > there are many cases for which using an old version of TLS is suboptimal > > and it shouldn't be consi

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Eric Rescorla
On Thu, Apr 30, 2020 at 7:59 PM Keith Moore wrote: > People do not always have the luxury of upgrading their clients and > servers to versions that support the recent TLS. Some legacy hardware > has firmware that cannot be upgraded because no upgrades are > available. Service providers do no

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Jeremy Harris
On 01/05/2020 22:35, Eric Rescorla wrote: > On Mon, Apr 27, 2020 at 2:04 AM tom petch wrote: >> and I am unclear whether or not TLS 1.3 will gain widespread use in the >> Internet, with HTTP, SMTP and such like. > > > I don't know about SMTP, but TLS 1.3 has *already* achieved widespread use > o

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Keith Moore
On 5/1/20 5:02 PM, Peter Saint-Andre wrote: On 4/30/20 8:59 PM, Keith Moore wrote: IMO RFC7525 That ship sailed in 2015. IETF isn't bound by /stare decisis/. I don't think we ever said anything to the contrary. BCP does stand for *best* current practice, after all. If BCP really means Be

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Eric Rescorla
On Tue, Apr 28, 2020 at 1:41 AM tom petch wrote: > One requirement that was raised in the later stages of the work on TLS 1.3 > related to audit, and was raised, I think, by representatives of the > finance industry; the WG rejected the requirement. It's worth noting that to the extent that thi

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Eric Rescorla
On Mon, Apr 27, 2020 at 2:04 AM tom petch wrote: > What is the point of rfc7525bis? Why do we need it? > > It seems to me that RFC7525 is a good set of recommendations and little > has changed, in practical terms, since it was produced, although > cryptanalysts can find weaknesses therein > > --

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Peter Saint-Andre
On 4/30/20 8:59 PM, Keith Moore wrote: > IMO RFC7525 That ship sailed in 2015. > and this new draft both suffer from dubious assumptions and > make poor recommendations because of those assumptions.  In particular, > there are many cases for which using an old version of TLS is suboptimal > and

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread Keith Moore
On 5/1/20 12:27 PM, Ned Freed wrote: IMO RFC7525 and this new draft both suffer from dubious assumptions and make poor recommendations because of those assumptions.  In particular, there are many cases for which using an old version of TLS is suboptimal and it shouldn't be considered as secure,

Re: [Uta] Adoption call for draft-sheffer-uta-rfc7525bis-00

2020-05-01 Thread ned+uta
IMO RFC7525 and this new draft both suffer from dubious assumptions and make poor recommendations because of those assumptions.  In particular, there are many cases for which using an old version of TLS is suboptimal and it shouldn't be considered as secure, but it may still be better than depreca