First they have to go through this vulnerability search dance with TLS-1.1 and 
achieve a reasonably complete move to TLS-1.2.

Regards,
Uri

Sent from my iPhone

> On Oct 22, 2017, at 16:49, Steve Fenter <steven.fente...@gmail.com> wrote:
> 
> The main problem with not addressing the TLS visibility issue now is that no 
> one knows when a vulnerability will be discovered in TLS 1.2 that forces 
> enterprises to upgrade to TLS 1.3. We've had guarantees that TLS 1.2 and the 
> RSA key exchange are going to be fine for 5 to 10 years, but nobody knows 
> that, particularly in today's security environment. I've also learned that 
> getting a solution in place through the IETF is a multi-year process, and 
> then vendor adoption time has to be added on top of that.  Enterprises don't 
> want to be caught in a position where a vulnerability is forcing us to 
> upgrade, and we are starting at ground zero on a multi-year process to 
> restore TLS visibility. We have to get out in front of this problem so we're 
> not caught unprepared.
> 
> Sent from my iPad
> 
>> On Oct 20, 2017, at 11:57 AM, "Salz, Rich" <rs...@akamai.com> wrote:
>> 
>> 
>> 
>>   So it sounds like we are in agreement that continuing to use TLS 1.2 is 
>> not a viable long term  alternative.  
>> 
>> 
>> Long-term is a subjective term, and using it can lead to misunderstandings.
>> 
>> Based on current and previous actions around SSL and TLS versions, you can 
>> use TLS 1.2 for at least five, likely at least 10, years.
>> 
>> 
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
