On 11/27/20 11:58 PM, Eric Rescorla wrote:
To clarify, my suggestion was that https with TLS < 1.2 be treated as
insecure, not as neither secure nor insecure or any kind of "in
between".
Well, the problem is that it is secure from the perspective of the
site author
but insecure from the perspective of the client. That's not going to
end well
for the reasons I indicated above.
Well that is an interesting point that I missed earlier. But I think
the situation will be the same if any of the obvious workarounds is
used, like a plugin or proxy.
Keith
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
