On Sun, Mar 13, 2016 at 2:51 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:

> > That allows the experts in those protocols to do their own analysis,
> > rather than somehow making it the responsibility of the TLS WG. I agree
> > that this is a sharp object and I'd certainly be happy to have such a
> > requirement in 1.3.
>
> So again, I totally understand the reluctance to consider all of the
> foo/TLS options within the TLS WG. And I don't even know how one
> might get that done if one wanted. (Hence my asking the WG.)
>
> However, it is the TLS WG that is introducing the dangerous implement
> and as part of a protocol revision that is mainly intended to improve
> security. It seems fair to say that that may be a surprise for folks
> who just want to use TLS.
>
> My guess would be that if we say to all the WGs doing foo/TLS that
> they need to write a new document before they safely can move from
> TLS1.2 to TLS1.3,

This is not an accurate way to represent the situation. Those WGs can
safely move from TLS 1.2 to 1.3 *as long as they don't use 0-RTT*.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls