> Well, it is true that NNTP can stay on TLS 1.2. News clients and news servers
> can implement TLS 1.2 and use it.
> The concern will be when TLS 1.2 is declared "flawed". Maybe one day it will
> be considered insecure; and then, compliant TLS implementations won't be
> able to use compression. That facility will then be lost.
Yes.
It is widely recognized that in many cases, TLS-level compression is flawed
(for example NNTP authinfo?). TLS 1.3 does not have it. So NNTP that needs
compression can continue to use TLS 1.2, and if TLS 1.2 is "flawed" things can
change.
/r$
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
