Hi Rich,
The security community thinks that compression is risky, error-prone,
and that a security/auth layer is the wrong place to put it.
So far, the only counter-argument has been "if TLS 1.2 has a flaw, I
want to move to TLS 1.3 without losing data compression."
Is this accurate?
Thanks for that checkpoint in the discussion!
I think the counter-arguments given so far all fall in that sentence.
Maybe we could say "if TLS 1.2 has a flaw or if I want to benefit of the
new facilities provided with TLS 1.3" to be more general.
--
Julien ÉLIE
« – Je ne peux que vous proposer l'étable…
– Comment s'appelle ce village ?
– Bethléem, je crois ! » (Astérix)
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls