On Sun, Jul 16, 2017 at 2:08 AM, Ted Lemon <mel...@fugue.com> wrote:

> What it means for users to be denied the benefits of TLS 1.3 is that they
> don't get, for example, perfect forward secrecy. Since the proposal was to
> do away with that anyway, but for all users, not just some users, that
> doesn't seem like it is better than just continuing to use TLS 1.2.

DH by default is just one benefit of TLS1.3, there are many others or else we wouldn't be shipping it with so many changes and improvements. Otherwise there would be no TLS1.3, and only a deprecation of the non-PFS cipher suites. But that plainly isn't the case. The main one I'm concerned about is me having to support non-TLS1.3 clients ;-) 1RTT key exchange is worth it alone.

--
Colm
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls