On Wednesday 22 July 2015 16:10:27 Dave Garrett wrote:
> Consensus was my current WIP proposal is not viable, for some of the
> following main reasons:
>
> 1) cost/benefit analysis doesn't seem to be worth it
> 2) backwards compatibility handling
> 3) some argue harder to implement; others argue easier
>
> cost:
> - change has risks of mistake at various points (implementation, deployment,
> admin, client config, etc.)

and server/client config is a huge cost

vast swaths of web servers are misconfigured; introducing a more complex mechanism to server configuration when the existing situation is incomprehensible to many administrators won't help (and even many people that write the various blog posts about "how to configure SSL [sic] in httpd" clearly haven't read openssl ciphers(1) man page)

any changes like this will require new APIs for configuration, that in turn means that not only libraries will need to be modified to add support for TLS1.3 configuration but applications too - that will slow adoption

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls