What it means for users to be denied the benefits of TLS 1.3 is that they
don't get, for example, perfect forward secrecy.  Since the proposal was to
do away with that anyway, but for all users, not just some users, that
doesn't seem like it is better than just continuing to use TLS 1.2.  It's
already possible to configure both TLS 1.2 clients and servers to not use
obsolete encryption algorithms.  Most of the other improvements in TLS 1.3
probably don't apply to the use cases you are talking about.

So no, it's not self-defeating to say "continue using TLS 1.2 for now in
your use case while we study this issue and try to figure out if there's a
way forward that doesn't break TLS 1.3."

On Sun, Jul 16, 2017 at 11:04 AM, Colm MacCárthaigh <c...@allcosts.net>
wrote:

>
>
> On Sun, Jul 16, 2017 at 1:52 AM, Salz, Rich <rs...@akamai.com> wrote:
>
>> I would also like to understand why TLS 1.2 is not sufficient for, say,
>> the next five years.
>>
>
> It probably is ... but isn't that the problem? If the answer is "Just let
> them stay on TLS1.2", I find it very hard to interpret the arguments
> against all of this as resulting in anything other than grand-standing.
> Clearly the users would be no better off, and also end up denied the other
> benefits of TLS1.3.
>
> This seems self-defeating, when there is so easy a path that may improve
> things for all cases (forbid static-DH, add an opt-in mechanism instead).
>
> --
> Colm
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>
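A concrete check of the point about TLS 1.2 configuration, as an added example that is not part of the thread: the Python `ssl` context below pins an endpoint to TLS 1.2 and to ephemeral (EC)DHE suites only, so every session keeps forward secrecy with no static RSA or static DH key exchange, and the audit function confirms from OpenSSL's own cipher metadata that nothing without forward secrecy would be offered. The cipher string, the function names, and the CPython/OpenSSL `get_ciphers()` metadata keys are assumptions for this example.

```python
import ssl

# Assumed hardening cipher string for this example (not from the thread):
# only ephemeral ECDHE/DHE key exchange with AEAD bulk ciphers, so a TLS 1.2
# session always has forward secrecy; static-RSA and static-DH suites are out.
FORWARD_SECRET_ONLY = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20"
    ":!aNULL:!eNULL:!MD5:!RC4"
)

# OpenSSL key-exchange labels for ephemeral Diffie-Hellman, as exposed by
# SSLContext.get_ciphers() on OpenSSL 1.1+ (CPython 3.6+).
EPHEMERAL_KEX = {"kx-ecdhe", "kx-dhe"}


def make_tls12_context(server_side: bool, ciphers: str = FORWARD_SECRET_ONLY):
    """TLS 1.2-only context (client or server) restricted to the given suites."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    return ctx


def is_forward_secret(cipher: dict) -> bool:
    """True if the suite's key exchange is ephemeral (EC)DHE."""
    kea = cipher.get("kea")
    if kea is not None:
        return kea in EPHEMERAL_KEX
    # Older builds omit 'kea'; fall back to the OpenSSL suite-name prefix.
    return cipher["name"].startswith(("ECDHE-", "DHE-"))


def audit_tls12_suites(ctx: ssl.SSLContext):
    """Return (offered, offenders): names of the TLS 1.2-and-below suites the
    context would offer, and those among them that lack forward secrecy.
    TLS 1.3 suites are skipped: there, ephemeral key exchange is mandatory."""
    tls12 = [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    offered = [c["name"] for c in tls12]
    offenders = [c["name"] for c in tls12 if not is_forward_secret(c)]
    return offered, offenders


if __name__ == "__main__":
    for side in (True, False):
        offered, bad = audit_tls12_suites(make_tls12_context(server_side=side))
        print("server" if side else "client", len(offered), "suites;",
              "no forward secrecy:" if bad else "all forward-secret", bad or "")
```

The same audit can be run against a context built from a deployment's real cipher string to catch static-RSA suites such as the plain `AES128-GCM-SHA256` family before they reach production.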