> On 7 Oct 2017, at 17:17, Nick Sullivan wrote:
>
> Yoav,
>
> Let me make a correction to your scenario:. Instead of:
> "You’ll need it for Chrome to work with Google."
> it's:
> "You’ll need it for Chrome to work with Google, Facebook, and most of the 10%
> of Alexa top million sites that are
On Sat, Oct 07, 2017 at 09:38:24AM -0700, Adam Langley wrote:
> On Sat, Oct 7, 2017 at 12:17 AM, Hanno Böck wrote:
> > Alternative proposal:
> >
> > 1. Identify the responsible vendors.
> > 2. Tell all those vendors "You have 1 month to fix this. Fix it. Oh,
> > it's your customers who don't updat
On Sat, Oct 7, 2017 at 12:17 AM, Hanno Böck wrote:
> Alternative proposal:
>
> 1. Identify the responsible vendors.
> 2. Tell all those vendors "You have 1 month to fix this. Fix it. Oh,
> it's your customers who don't update? Seems you don't have any
> reasonable update system. Call your customer
> I didn't intend to be arguing with you. I'm happy to present what I have in
> Singapore and while I can't speak for others, I expect they would be as well.
*I* know you meant everyone else on this thread, and not me.
FB and Google folks, will you present at Singapore?
On Sat, Oct 7, 2017 at 8:25 AM, Salz, Rich wrote:
>
>
> > I suggest we not have this debate now. We'll have a lot more data
> towards the end of the month and we can have an informed discussion then.
>
>
>
>
>
> That is what I am asking for. More information so that the entire WG can
> make an i
Hi,
On Fri, 6 Oct 2017 13:16:37 -0700
Eric Rescorla wrote:
> - Fall back to TLS 1.2 (as we have unfortunately done for previous
> releases)
Thinking about this I honestly hope nobody is considering this
seriously. This would be an unfixable security design flaw. And it also
quite significantly
On Sat, Oct 7, 2017 at 11:25 AM, Salz, Rich wrote:
>
>
>> I suggest we not have this debate now. We'll have a lot more data towards
>> the end of the month and we can have an informed discussion then.
>
> That is what I am asking for. More information so that the entire WG can
> make an informed
> I suggest we not have this debate now. We'll have a lot more data towards the
> end of the month and we can have an informed discussion then.
That is what I am asking for. More information so that the entire WG can make
an informed decision. And I was only laying out an option that does no
I suggest we not have this debate now. We'll have a lot more data towards
the end of the month and we can have an informed discussion then.
-Ekr
On Sat, Oct 7, 2017 at 7:57 AM, Richard Barnes wrote:
>
>
> On Oct 7, 2017 10:43, "Salz, Rich" wrote:
>
>
> ➢ I don't want to speak for browser vend
On Sat, Oct 7, 2017 at 7:44 AM, Watson Ladd wrote:
> On Sat, Oct 7, 2017 at 7:17 AM, Nick Sullivan
> wrote:
> > Yoav,
> >
> > Let me make a correction to your scenario:. Instead of:
> > "You’ll need it for Chrome to work with Google."
> > it's:
> > "You’ll need it for Chrome to work with Google,
On Oct 7, 2017 10:43, "Salz, Rich" wrote:
➢ I don't want to speak for browser vendors, but history suggests that
Option 3) may not be a viable one for browsers with a significant market
share.
They can do what they want, but if they’re “in the rough” on the consensus
call, I hope they’ll go alo
On Sat, Oct 7, 2017 at 7:17 AM, Nick Sullivan
wrote:
> Yoav,
>
> Let me make a correction to your scenario:. Instead of:
> "You’ll need it for Chrome to work with Google."
> it's:
> "You’ll need it for Chrome to work with Google, Facebook, and most of the
> 10% of Alexa top million sites that are
➢ I don't want to speak for browser vendors, but history suggests that Option
3) may not be a viable one for browsers with a significant market share.
They can do what they want, but if they’re “in the rough” on the consensus
call, I hope they’ll go along.
As for yoav’s point about “not during
Yoav,
Let me make a correction to your scenario:. Instead of:
"You’ll need it for Chrome to work with Google."
it's:
"You’ll need it for Chrome to work with Google, Facebook, and most of the
10% of Alexa top million sites that are using Cloudflare."
TLS 1.3 (in on draft version or another) is ver
On Sat, Oct 7, 2017 at 2:57 AM, Ilari Liusvaara
wrote:
> On Fri, Oct 06, 2017 at 01:16:37PM -0700, Eric Rescorla wrote:
> > Hi folks,
> >
> > In Prague I mentioned that we were seeing evidence of increased
> > failures with TLS 1.3 which we believed were due to middleboxes. In
> > the meantime, s
> On 7 Oct 2017, at 4:01, Salz, Rich wrote:
>
> Thanks very much for the update.
>
> There is a third option, name the devices which are known to cause problems,
> and move forward with the draft as-is.
+1. I like this third option.
> 2. Tell all those vendors "You have 1 month to fix this.
On Fri, Oct 06, 2017 at 01:16:37PM -0700, Eric Rescorla wrote:
> Hi folks,
>
> In Prague I mentioned that we were seeing evidence of increased
> failures with TLS 1.3 which we believed were due to middleboxes. In
> the meantime, several of us have done experiments on this, and I
> wanted to provid
Alternative proposal:
1. Identify the responsible vendors.
2. Tell all those vendors "You have 1 month to fix this. Fix it. Oh,
it's your customers who don't update? Seems you don't have any
reasonable update system. Call your customers, send some support staff
to them. Fix this. Now."
3. Call for
18 matches
Mail list logo