To be clear: TLS 1.3 does not support RC4. The only question is whether it's legal to concurrently offer RC4 with TLS 1.3 for purposes of using RC4 with TLS 1.2 (just as you can offer AES-CBC even though TLS 1.3 does not support it). I am trying to work through this myself, as the interactions with browser fallback are very complex.
-Ekr

On Sat, Jul 25, 2015 at 3:41 PM, Benjamin Beurdouche <benjamin.beurdou...@inria.fr> wrote:

>
> > On 25/07/15 06:46, Viktor Dukhovni wrote:
> >> I hope, that by ~2017, RC4 will no longer be required either, and
> >> we'll be able to disable RC4 in Postfix at that time.
> >
> > Seems to me that should be a reasonable match for expecting to see
> > TLS1.3 getting deployed in lots of parts of the mail infrastructure,
> > so that date would argue to not support rc4 at all in TLS1.3 in my
> > conclusion (not that I know much about mail deployment trends).
> >
> > And if we have any support for rc4 in TLS1.3 it'll end up a footgun
> > that'll damage many toes, so count me amongst those arguing for no
> > rc4 (or similar) at all in TLS1.3.
>
> +1, though, my understanding was that RC4 was already out of TLS 1.3..
> In general I think we could all agree that we should never keep broken
> stuff in TLS even if it is used a lot…
>
> Best,
> B.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls