Some on this list have said that they need to break into TLS in order to protect customers.
The thing customers seem to need the most protection is having their personal data stolen. It seems to happen with amazing and disappointing regularity on astounding scales. Some examples include * retailer Target, presumably subject to PCI-DSS rules * Anthem health insurance, presumably a regulated industry * Equifax, a financial-business organization (but apparently not regulated) * Yahoo, a company created on and by and for the Internet (one would think they know better) We could, of course, go on and on and on. NONE of those organizations are using TLS 1.3. So what kind of “protect the customer” requires breaking TLS? And what benefits and increased protection will customers see?
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
