And (most of the time) they are also ahead of all nice BSI/NIST documents… Like for example Google with it’s shift to Cacha20-Poly1305, DNS over TLS, QUIC, etc. ;-)
> Am 12.10.2018 um 18:34 schrieb Dominic Schallert <[email protected]>: > > Hi Rene, > >> I have noticed quite the contrary. TLS v1.0 and TLS v1.1 is still in use, >> even TLS v1.2 - many years after the standards were being published. >> Adoption is very slow. I am sure that TLS v1.3 implementation will take a >> couple of years. >> This being said, yes, the best practices and recommendations change, but >> not as often as people buy new clients. The ACH guide is still valid for >> most configurations. > > That’s the problem. There are some driving forces like Google[1], > Github[2] or Cloudflare[3] which usually are light-years ahead of the > majority of other companies. Generally it’s very safe to say that what > these companies do, can be considered as current best practice. > > Just to give a few examples.. > > [1] https://tools.ietf.org/html/rfc7905 <https://tools.ietf.org/html/rfc7905> > [2] https://githubengineering.com/crypto-removal-notice/ > <https://githubengineering.com/crypto-removal-notice/> > [3] https://blog.cloudflare.com/introducing-tls-1-3/ > <https://blog.cloudflare.com/introducing-tls-1-3/> > > Cheers > Dominic
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Ach mailing list [email protected] https://lists.cert.at/cgi-bin/mailman/listinfo/ach
