On Sat, Jul 8, 2017 at 6:04 PM, Eric Mill <e...@konklone.com> wrote:
>
> Stating that proxies are not viable for enterprise organizations due to
> the scale and complexity of their network environments is subjective,
> generally not well-detailed, and much more open to skepticism.
>
> The burden on the proposers should be to address this skepticism, and to
> justify to the working group why enterprises that are large enough and
> well-funded enough to have such vast and complex networks cannot invest in
> upgrading those networks to an approach that doesn't rely on directly
> weakening their own connection security and potentially the security of
> others' through the unintended consequences of formalizing this RFC.
>

TLS1.3 isn't a debate, or a legal argument. It's an actual thing in the world that we'd like to see succeed and be as pervasive as possible. The folks reporting saying it won't work are doing us a favor, they don't owe us anything.

So when those users show up saying "This won't work for me", it is better to have a very open mind and make every attempt to understand them. If their explanations are not clear, then burrow further. Be charitable and lean as heavily towards why they may be right, search for good reasoning in /their/ favor, and state it as well as it can possibly be presented. Only on those terms try to tackle it with alternatives.

If the presenters are wrong, and the skepticism is merited, that approach will still work. But if they happen to be right, it makes the alternatives or adaptations more clear, or the necessity for them more obvious.

Dismissing concerns with trivial and shallow analysis can serve to diminish the success of TLS1.3, because the users don't need to adopt it, and can end up blocking it and creating a failure of "TLS 1.3 doesn't work in XXX environments".

--
Colm

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls