On Thu, Jul 20, 2017 at 10:38 AM, Simon Friedberger <simon....@a-oben.org> wrote: > I would like to point out that a lot of this discussion seems to hinge > on the following argument: > > > On 17/07/17 13:04, Roland Dobbins wrote: >> On 16 Jul 2017, at 11:14, Salz, Rich wrote: >> >>> I really want to hear an answer to that question from folks who say >>> they need TLS 1.3 but without it. >> >> Being able to continue to utilize vetted, well-understood, >> standards-based cryptography on intranets once regulatory bodies such >> as PCI/DSS mandate TLS 1.3 or above - which will happen, at some point >> in the not-too-distant future. > > So the only reason not to use TLS 1.2 for these use cases is that it is > assumed that some regulator will in the future prohibit not using it. > > (I don't think TLS 1.2 is going away any time soon so it will continue > to be vetted, well-understood and standards-based.) > > I think it is up to those regulators to do their job properly and not > require TLS 1.3 for situations when it does not fullfil the requirements. > Or conversely if regulators still require TLS 1.3 although it does not > support the desired traffic inspection maybe they have made that > decision with good reason.
I think using TLS 1.2 and waiting will only work up to a point. When the regulators do require TLS 1.3 (and that may be years and years away), enterprises still need somewhere to go in order to use things like IDS and IPS, to look into where application issues are happening, and all the other reasons that are laid out for needing this draft. What's unclear is: Are these organizations willing to take their current networking and application designs and begin to slowly rework it to support a TLS 1.3-only (real-ephemeral-keys-only) style architecture by the time it is required? I can say from my enterprise perspective, enterprises have been working toward that goal since it was announced that RSA key exchange was going away several years ago. We're working with software vendors to get the logs that we need from endpoints, making sure that IDS/IPS vendors that currently break open streams of TLS cipher text using RSA keys are able to switch over to doing TLS termination (with good configurations), or use load balancers that can terminate TLS and loop it up into an IDS/IPS/WAF before sending the plaintext stream off into a new encrypted direction. It's not an overnight change, but it is a practical one, and one that could end up making these complicated applications that "need" static-key-style decryption work more effectively and efficiently. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
