On Fri 2015-10-02 11:24:10 -0400, Salz, Rich wrote:
>> Which one is safer, "tls1.2" vs. "tls1.3 with comp/decomp"?
>
> They are equivalent.  If you use AES-GCM and ECDHE, and you don't need 0RTT, 
> then there is no compelling reason to use TLS 1.3.

...and you use session-hash, and you either don't do renegotiation or
require secure renegotiation, and you don't use TLS-Unique, and you're
ok with fully-cleartext handshakes, and (maybe something(s) else I'm
forgetting) ...

I don't think we should be claiming that TLS 1.2 is equivalent to TLS
1.3 without many more caveats.   :)

          --dkg

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
