* If the client were to exclusively offer DHE-based ciphersuites, then the visibility techniques that have been used in the past are thwarted.

TLS1.3-visibility will be equally thwarted if the client does not send the empty "tls_visibility" extension, right? (Assuming the server chooses to play by the rules, of course.)

Cheers,

Andrei

From: TLS <tls-boun...@ietf.org> On Behalf Of Russ Housley
Sent: Tuesday, March 13, 2018 3:17 PM
To: Ted Lemon <mel...@fugue.com>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] TLS@IETF101 Agenda Posted

Ted:

> There's an easy way to do this, although as a sometime bank security geek I would strongly advise you to not do it: keep using TLS 1.2.

This is a bogus argument. First, staying with an old protocol version often leads to locking in unmaintained versions of old software. Second, using TLS1.2 does not technically address the issue. If the client were to exclusively offer DHE-based ciphersuites, then the visibility techniques that have been used in the past are thwarted.

Russ
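
The point about clients that offer only DHE-based ciphersuites can be checked on the wire. The following is an added example, not part of the thread: it reads the cipher suite list from a TLS 1.2 ClientHello and reports whether any static-RSA suite is offered, which is the case where holding the server's RSA key alone is enough to decrypt. The function names and the small code point table are assumptions of this sketch, the sample records are constructed, and the "tls_visibility" extension is not parsed because the thread gives no code point for it.

```python
import struct

# A few TLS 1.2 suites by IANA code point (table is deliberately small).
STATIC_RSA = {0x002F, 0x0035, 0x009C, 0x009D}    # TLS_RSA_WITH_AES_*
EPHEMERAL_DH = {0x009E, 0x009F, 0xC02F, 0xC030}  # TLS_DHE_RSA_* / TLS_ECDHE_RSA_*

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite code points listed in a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]            # skip record header (5) + handshake header (4)
    pos = 2 + 32                 # client_version + random
    if len(body) < pos + 1:
        raise ValueError("truncated before session_id")
    pos += 1 + body[pos]         # session_id length byte + session_id
    if len(body) < pos + 2:
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", raw)]

def classify(record: bytes) -> dict:
    """Group the offered suites by key-exchange class."""
    suites = offered_suites(record)
    return {
        "static_rsa": [s for s in suites if s in STATIC_RSA],
        "ephemeral": [s for s in suites if s in EPHEMERAL_DH],
        "unknown": [s for s in suites if s not in STATIC_RSA | EPHEMERAL_DH],
    }

def static_rsa_offered(record: bytes) -> bool:
    """True if the server could pick a suite decryptable with its RSA key alone."""
    return bool(classify(record)["static_rsa"])

def build_client_hello(suites: list[int]) -> bytes:
    """Constructed sample input: a minimal ClientHello without extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for offer in ([0xC02F, 0x009E], [0xC02F, 0x009C, 0x002F]):
        print([hex(s) for s in offer], static_rsa_offered(build_client_hello(offer)))
```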