On Tue, Sep 22, 2015 at 8:32 PM, Colm MacCárthaigh <c...@allcosts.net> wrote:
> it doesn't seem too hard. My 2c: even if this were not the case,
> optimizing NNTP in a backwards compatible way does seem like a more
> important goal than making transport security as secure as possible by
> default.

I don't think I could be more opposed to this position. The most important transport encryption protocol on the Internet should not have sharp edges simply to cater to the errata of Usenet.

Nobody is forcing NNTP users to use TLS 1.3. I'm not sure the new features of TLS 1.3 even make sense for NNTP use cases.

NNTP can add its own compression. Or worst case, if there's some existential threat to TLS < 1.3, NNTP can switch and not have compression until they can implement their own compression feature.

If compression is so important to NNTP, they should add first-class support. Period. They should not be relying on a poorly conceived feature which has been repeatedly demonstrated to introduce vulnerabilities in what is supposed to be a *security protocol* just because they don't want to implement compression themselves.

--
Tony Arcieri
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls