Arnaud Taddei <arnaud.taddei=40broadcom....@dmarc.ietf.org>writes: >There is a big difference between > >patching an endpoint to a variation of TLS1.2 which is meant to work in a ’ >TLS1.2 designed environment” > >Vs > >patching an endpoint to TLS1.3 in an environment that was ’TLS1.2 designed >environment’
Yup, and that's the intent of the draft, since some industries are going to be living in a TLS 1.2 environment for some time (as well as TLS 1.0, but I'm not touching that one), this will try and make it the least problematic TLS 1.2 environment, i.e. it addresses well-known problem areas without making any significant changes - it was explicitly written not to include anything new (new algorithms, new signature types, new hashes, whatever), it's all existing algorithms that have been around forever, just with minor tweaks like sending the full domain parameters to allow verification of the DH values, which have been a problem in the past because of the PKCS #3-based origins of SSLv2 where this came from. Peter. _______________________________________________ TLS mailing list -- tls@ietf.org To unsubscribe send an email to tls-le...@ietf.org
