> On Oct 22, 2017, at 2:40 PM, Ted Lemon <mel...@fugue.com> wrote:
>
>> On Oct 22, 2017, at 1:54 PM, Russ Housley <hous...@vigilsec.com> wrote:
>> No one is requiring TLS 1.3 that I know about. However, there are places
>> that require visibility into TLS. I will let one of the people that works
>> in a regulated industry offer pointers to the documents.
>
> What they require is visibility into contents of the flow that they are using
> encryption to protect. Right now, the protocol they are using is TLS 1.1 or
> TLS 1.2. The right thing for them to do if they continue to need this
> visibility and are no longer permitted to use TLS 1.2 is to use IPsec+IKE, or
> some protocol that is designed for this use case, not to take a protocol
> designed specifically for securing flows from on-path eavesdropping and
> create a mode where it is easier to wiretap.
>
> There is no reason other than momentum for them to switch to TLS 1.3 when it
> doesn't address their use case.

With no hat, I agree.

https://www.rsa.com/en-us/blog/2017-08/tls-security-and-data-center-monitoring-searching-for-a-path-forward

Kathleen

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls