Re: [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 11/27/20 11:58 PM, Eric Rescorla wrote:

To clarify, my suggestion was that https with TLS < 1.2 be treated as
insecure, not as neither secure nor insecure or any kind of "in between".

Well, the problem is that it is secure from the perspective of the site author
but insecure from the perspective of the client. That's not going to end well
for the reasons I indicated above.

Well that is an interesting point that I missed earlier.   But I think the situation will be the same if any of the obvious workarounds is used, like a plugin or proxy.

Keith


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux