On Oct 22, 2015 2:20 PM, "Salz, Rich" <rs...@akamai.com> wrote: > > > If we (okay, not "we", library implementors) require explicit application opt- > > in to TLS 1.3, the adoption rate is probably not going to be very good. So, yes, > > I think applications should start using TLS 1.3 without any changes. > > And what about 0RTT? Removed support for some crypto? Various other semantic changes?
If you don't enable 0RTT support and ignore removed crypto, what breaks? Most apps don't use renegotiation anyway? > > What you're really saying is "just like it always used to be, just better." > > And I want a pony. Most applications want a simple API that hides all the complexities of TLS. If OpenSSL had done that, then it would be easy to see how enabling 1.2 won't cause problems for those apps which said "you take care of it". > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
