On 17 March 2015 at 08:17, Ilari Liusvaara <[email protected]> wrote: > Heck, there's an RFC about attacks against TLS. Less than half year > since last update, but: > > - Contains an attack that is only fixed in TLS 1.3 draft (not even > draft extension to fix it in TLS 1.2). > - Contains an attack that has no standardized fix yet (and hits anondh > practicularly bad). > - Already missing at least 3 attacks, 2 of those apply to reasonably > modern stuff (not "you should already have deimplemented this a > LONG time ago!") and the other of those 2 is unfixed even in TLS 1.3 > draft.
This is not really the place to raise these issues. TLS 1.3 is a work in progress, if you have specific concerns, I know that you know where to raise them. I'd also encourage you to be more specific. _______________________________________________ Tcpinc mailing list [email protected] https://www.ietf.org/mailman/listinfo/tcpinc
