Sent from my iPhone
> On Oct 22, 2017, at 3:24 PM, Kathleen Moriarty
> <kathleen.moriarty.i...@gmail.com> wrote:
>
> Sent from my iPhone
>
>> On Oct 22, 2017, at 2:40 PM, Ted Lemon <mel...@fugue.com> wrote:
>>
>>> On Oct 22, 2017, at 1:54 PM, Russ Housley <hous...@vigilsec.com> wrote:
>>> No one is requiring TLS 1.3 that I know about. However, there are places
>>> that require visibility into TLS. I will let one of the people that works
>>> in a regulated industry offer pointers to the documents.
>>
>> What they require is visibility into contents of the flow that they are
>> using encryption to protect. Right now, the protocol they are using is TLS
>> 1.1 or TLS 1.2. The right thing for them to do if they continue to need
>> this visibility and are no longer permitted to use TLS 1.2 is to use
>> IPsec+IKE, or some protocol that is designed for this use case, not to take
>> a protocol designed specifically for securing flows from on-path
>> eavesdropping and create a mode where it is easier to wiretap.
>>
>> There is no reason other than momentum for them to switch to TLS 1.3 when it
>> doesn't address their use case.
>
> With no hat, I agree.
> https://www.rsa.com/en-us/blog/2017-08/tls-security-and-data-center-monitoring-searching-for-a-path-forward
> I should note that I have not read the new draft yet. These threads keep me busy.
> Kathleen
>
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls