Thanks Rich I have seen these suggestions previously. But as numerous messages on this chain, from various people have discussed, neither of those suggestions are viable from an Enterprise Architecture planning perspective.
1. If staying with TLS 1.2 indefinitely was considered acceptable, would we even be having these discussions? 2. Modifying Server, application and logging infrastructure is a huge, expensive proposition, that executive management would not be receptive to at all. Not to mention the logistics to follow if they were. From: Salz, Rich [mailto:rs...@akamai.com] Sent: Monday, October 23, 2017 12:27 PM To: Ackermann, Michael <mackerm...@bcbsm.com>; Ted Lemon <mel...@fugue.com> Cc: tls@ietf.org Subject: Re: [TLS] Publication of draft-rhrd-tls-tls13-visibility-00 * I am merely trying to understand if there are any constructive suggestions amongst all these discussions, that we should consider. Yes. To repeat myself, here are two: 1. Continue to use your existing schemes. You won’t have to change to TLS 1.3 for years. 2. Modify your servers and logging infrastructure to report-out the PFS keys and use them Do you need me to post links to my messages? The information contained in this communication is highly confidential and is intended solely for the use of the individual(s) to whom this communication is directed. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information is prohibited. Please notify the sender, by electronic mail or telephone, of any unintended receipt and delete the original message without making any copies. Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are nonprofit corporations and independent licensees of the Blue Cross and Blue Shield Association.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
