The main problem with not addressing the TLS visibility issue now is that no one knows when a vulnerability will be discovered in TLS 1.2 that forces enterprises to upgrade to TLS 1.3. We've had guarantees that TLS 1.2 and the RSA key exchange are going to be fine for 5 to 10 years, but nobody knows that, particularly in today's security environment. I've also learned that getting a solution in place through the IETF is a multi-year process, and then vendor adoption time has to be added on top of that. Enterprises don't want to be caught in a position where a vulnerability is forcing us to upgrade, and we are starting at ground zero on a multi-year process to restore TLS visibility. We have to get out in front of this problem so we're not caught unprepared.
Sent from my iPad

> On Oct 20, 2017, at 11:57 AM, "Salz, Rich" <rs...@akamai.com> wrote:
>
> So it sounds like we are in agreement that continuing to use TLS 1.2 is
> not a viable long term alternative.
>
> Long-term is a subjective term, and using it can lead to misunderstandings.
>
> Based on current and previous actions around SSL and TLS versions, you can
> use TLS 1.2 for at least five, likely at least 10, years.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls