Just a thought, but in the discussion of TLS 1.2, we might start to consider the use of TLS 1.2 **without the session hash/EMS** extension to be deprecated sooner. RFC 7627 basically rescued TLS 1.2 from a whole swathe of problems; so maybe requiring it (or not supporting TLS 1.2 if that cannot be negotiated) offers a short term step toward eventual deprecation, while allowing those who find themselves stuck on TLS 1.2 more time to adjust.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
