* Expressly reacting to the viability of continuing to use TLS1.2 forever.
Nobody has said that, you are arguing a strawman.

* Industry groups will force us to use newer versions
* Policy standards will evolve in similar fashions.
* Likely there will be regulatory mandates in many of the marketplaces and business segments that large Enterprises participate in.

None of those even require TLS 1.2 yet, and it is a decade old. Do you think any of them will jump from 1.1 to 1.3? What timetable do you think that will happen? A decade? Five years?

* Software Products and Applications will attempt to remain current and will eventually sunset support for older protocol versions

Again, what timetable do you think that will happen?

* Business Partners or Government agency customers may require TLS1.3.

“May.” Do you have any indication that this is a requirement? Government tends to work either far in advance (like NIST post-quantum crypto) or to track industry.

* Internal Security Teams may require TLS1.3, at some point in the future.

And they should!

And why should we NOT want and be able to utilize TLS 1.3 with its updated and enhanced capabilities. We DO WANT THIS! We just still need to run our networks and businesses and are badly wanting to work with the Working Group to assure our use cases can be accommodated, if at all possible.

Your use-cases can be accommodated. You just need to spend some more money on server-side runtimes and key management. Instead, you propose to force all clients into a weaker security posture.

I am sorry to be harsh, but as I explained in email messages yesterday, if you force clients to indicate that they are willing to have traffic be intercepted, then any middlebox can categorize, and deny or subvert, such traffic. Again, don’t think of just national-scale adversaries, but your ISP or IP-in-airplane provider.

The proposal fundamentally changes the way TLS works. And with the posted use-cases, it seems completely obvious to me that it *weakens* the protection afforded to the general population.

I believe I know why people want this now. They are worried that if TLS 1.3 goes out without something like this, then the market (standard widely available browsers) will not implement it. Let me assure you that this isn’t an issue. The extension would *never ever* make it to the MUST state, and the browsers would be unlikely to ever implement it anyway.

I have an alternate strategy proposal. Configure your servers to only use TLS 1.2 or earlier, probably for at least five years. During that time, modify the server-side and analysis tools to record and use the extra key material you’ll need for TLS 1.3.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
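
Added example, not part of the original message or of any project's code: one way the server-side strategy in the last paragraph could look in Python, pinning the server to TLS 1.2 while recording per-session secrets, and auditing a key log for the extra secrets a TLS 1.3 session needs. The names server_context and audit_keylog are hypothetical, the label sets follow the NSS key log format, and the sample log is constructed.

```python
import ssl
from collections import defaultdict

# NSS key log labels a passive decryptor needs for one session.
TLS12_LABELS = {"CLIENT_RANDOM"}  # TLS 1.2: a single master secret
TLS13_LABELS = {                   # TLS 1.3: separate handshake and traffic secrets
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
}

def server_context(keylog_path, max_version=ssl.TLSVersion.TLSv1_2):
    """Server context capped at max_version that records session secrets."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.maximum_version = max_version   # raise to TLSv1_3 once tooling is ready
    ctx.keylog_filename = keylog_path   # holds secrets: restrict file permissions
    return ctx                          # caller still calls load_cert_chain()

def audit_keylog(text):
    """Map client_random -> 'tls1.2', 'tls1.3' or 'incomplete: <what is missing>'."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != 3:
            continue                    # comment, blank or malformed line
        label, client_random, _secret = parts
        seen[client_random.lower()].add(label)
    report = {}
    for client_random, labels in seen.items():
        if labels & TLS13_LABELS:
            missing = sorted(TLS13_LABELS - labels)
            report[client_random] = "incomplete: " + ",".join(missing) if missing else "tls1.3"
        elif TLS12_LABELS <= labels:
            report[client_random] = "tls1.2"
        else:
            report[client_random] = "incomplete: no usable secret"
    return report

def _line(label, rnd):
    # Constructed entry: repeated-byte client random, all-zero placeholder secret.
    return f"{label} {rnd * 32} {'00' * 32}"

# Constructed sample: one TLS 1.2 session, one complete and one partial TLS 1.3 session.
SAMPLE = "\n".join(
    ["# constructed key log", _line("CLIENT_RANDOM", "aa")]
    + [_line(label, "bb") for label in sorted(TLS13_LABELS)]
    + [_line("CLIENT_HANDSHAKE_TRAFFIC_SECRET", "cc"),
       _line("SERVER_HANDSHAKE_TRAFFIC_SECRET", "cc")]
)

if __name__ == "__main__":
    for client_random, status in audit_keylog(SAMPLE).items():
        print(client_random[:8], status)
```

A session reported as incomplete can have its handshake read but not its application data, which is the gap analysis tools would have to close before the version cap is raised.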