On Saturday, 7 October 2017 20:37:35 CEST Yoav Nir wrote:
> > On 7 Oct 2017, at 17:17, Nick Sullivan <nicholas.sulli...@gmail.com>
> > wrote:
> >
> > Yoav,
> >
> > Let me make a correction to your scenario. Instead of:
> > "You’ll need it for Chrome to work with Google."
> > it's:
> > "You’ll need it for Chrome to work with Google, Facebook, and most of the
> > 10% of Alexa top million sites that are using Cloudflare.”
> What part of “not making any configuration changes until the second week of
> January” is not clear to you?
>
> Seriously, I’ve had this conversation with administrators.
>
> Because if they go to their bosses, they get asked if they can guarantee
> that the update will cause no outage. Of course they can’t.
>
> Then they get asked if Edge has the same problem. Let’s assume the answer is
> yes.
>
> Then they get asked if they can turn off TLS 1.3 in Edge using GPO (or
> whatever the remote configuration of Microsoft Windows is called these
> days). In all likelihood, the answer is yes.
>
> Problem solved, no?
>
> But, they’ll protest, more than half our employees use Chrome.
>
> So tell them not to use Chrome, says the manager.
>
> Because for the manager the decision to update the middlebox is all risk
> with no rewards.

also the middlebox vendor will say that "we do not support TLS1.3", after you
spell out that proper TLS1.2 support infers TLS1.3 support...

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls