Ø If there would be support for integrity ciphers in TLS 1.3 it would enable the straight forward switch from TLS 1.2 also in these environments by keeping existing monitoring options.
Why do you want to move to TLS 1.3? Why isn’t your existing solution good enough? * [stf] Currently it is sufficient to use TLS 1.2- For certain use cases the utilized components have a rather long lifetime. One assumption is that TLS 1.3 will exist longer that TLS 1.2 and that certain software tools (also browsers) may not support TLS 1.2 in the future … Most browsers already do not support NULL encryption, and it is highly unlikely that any will add it for 1.3. Have you any indication otherwise? If you’re not going to use the algorithms in general use on the public Internet, then you should expect that standard clients such as browsers, will not work. PeterG can attest to this. :)
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
