Hi Dave,

No sane security protocol should allow any mode which is known to be
insecure under its common use-case.

Then the default in TLS 1.3 could be to not activate compression.


TLS 1.2 is technically configurable in a secure manner, but hardly
anyone does so correctly. With TLS 1.3, we need to get rid of all of
the insecure modes so all configurations are secure (at least to start).

This is compatible with keeping compression as a mode that can be explicitly activated.

--
Julien ÉLIE

"As long as there are cooking pots, there is hope!" (Astérix)

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
