Viktor Dukhovni <ietf-d...@dukhovni.org> writes:

>Yes, once TLS 1.3 is closer to 20 years old, we'll know whether TLS 1.2 can
>or should be retired, but until such time, TLS 1.2 is likely to still be with
>us (embedded in home routers, printers, refrigerators, ...).

Another thing we need a lot more time to find out is whether, like HTTP > 1.1, TLS 1.3 has forked TLS. For HTTP there'll perpetually be two lines going forward, HTTP <number-go-up> for web browsers and HTTP 1.1 for everything that isn't a web browser.

For embedded/SCADA TLS use you've now got a complete second protocol stack to fit into your limited firmware space, it offers no real security advantages over (non-buggy) TLS 1.2, and its performance is often much worse than TLS 1.2 (yeah, citation needed for that, I'm working on writing up some of this), so that some users who did try TLS 1.3 quickly reverted back to 1.2.

So I'd say wait 20 years or so to see where things are going, and look across at HTTP <number-go-up> vs. HTTP 1.1 for a worked example.

Peter.