On Mar 13, 2018, at 6:16 PM, Russ Housley <hous...@vigilsec.com> wrote:

> This is a bogus argument.

I'm pretty sure there's a Monty Python skit about this, so I won't belabor the point.

> First, staying with an old protocol version often leads to locking in
> unmaintained versions of old software.

Right, that's one of the stated goals of this work: to be able to continue to use software that the operator can't upgrade.

> Second, using TLS1.2 does not technically address the issue. If the client
> were to exclusively offer DHE-based ciphersuites, then the visibility
> techniques that have been used in the past are thwarted.

The client in this case is under the control of the operator, so this is a non-issue.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls