On Sun, Jul 16, 2017 at 5:14 AM, Salz, Rich <rs...@akamai.com> wrote:

> Within an enterprise that believes they need this kind of
> packet-capture-decode thing, what are the other benefits of TLS 1.3? They
> can already use good ciphers. They save the cost of not uplifting existing
> infrastructure. They lose 0RTT early-data, which when viewed globally seems
> like a reasonable trade-off.

My guess is that industries interested in the DH key proposal would want 0-RTT. I think they would want to prevent replay attacks and might even see configuration errors of this as a risk (allowing 0-RTT inadvertently).

> I am much more cynical about the value of opt-in. I mean, what are you
> expecting users to agree to? And globally, what infinitesimal portion of
> the Web population can make an informed choice? And often there is no
> choice – one of the advocates here is from a statewide insurance company.
>
> So what is compelling about TLS 1.3 after you take away forward secrecy? I
> really want to hear an answer to that question from folks who say they need
> TLS 1.3 but without it.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

--
Best regards,
Kathleen