> On Oct 22, 2017, at 2:40 PM, Ted Lemon <mel...@fugue.com> wrote:
>
> On Oct 22, 2017, at 1:54 PM, Russ Housley <hous...@vigilsec.com> wrote:
>> No one is requiring TLS 1.3 that I know about. However, there are places
>> that require visibility into TLS. I will let one of the people that works
>> in a regulated industry offer pointers to the documents.
>
> What they require is visibility into contents of the flow that they are using
> encryption to protect. Right now, the protocol they are using is TLS 1.1 or
> TLS 1.2. The right thing for them to do if they continue to need this
> visibility and are no longer permitted to use TLS 1.2 is to use IPsec+IKE,

Is there running code that demonstrates the IPsec+IKE can be deployed and operated at scale in the sort of environment the enterprise network tips have described to us?

> or some protocol that is designed for this use case, not to take a protocol
> designed specifically for securing flows from on-path eavesdropping and
> create a mode where it is easier to wiretap.

...assuming the necessary lead time and support from vendors to implement another protocol.

> There is no reason other than momentum for them to switch to TLS 1.3 when it
> doesn't address their use case.

But TLS 1.3 addresses *part* of the use case, as it does provide better security and it represents an incremental change to the current deployment and operation practices.

- Ralph

>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls