On Fri 2015-10-02 11:24:10 -0400, Salz, Rich wrote:
>> Which one is safer, "tls1.2" vs. "tls1.3 with comp/decomp"?
>
> They are equivalent. If you use AES-GCM and ECDHE, and you don't need 0RTT,
> then there is no compelling reason to use TLS 1.3.

...and you use session-hash, and you either don't do renegotiation or require secure renegotiation, and you don't use TLS-Unique, and you're ok with fully-cleartext handshakes, and (maybe something(s) else I'm forgetting) ...

I don't think we should be claiming that TLS 1.2 is equivalent to TLS 1.3 without many more caveats. :)

--dkg