On Oct 22, 2017, at 1:54 PM, Russ Housley <hous...@vigilsec.com> wrote:
> No one is requiring TLS 1.3 that I know about. However, there are places
> that require visibility into TLS. I will let one of the people that works in
> a regulated industry offer pointers to the documents.

What they require is visibility into contents of the flow that they are using encryption to protect. Right now, the protocol they are using is TLS 1.1 or TLS 1.2. The right thing for them to do if they continue to need this visibility and are no longer permitted to use TLS 1.2 is to use IPsec+IKE, or some protocol that is designed for this use case, not to take a protocol designed specifically for securing flows from on-path eavesdropping and create a mode where it is easier to wiretap. There is no reason other than momentum for them to switch to TLS 1.3 when it doesn't address their use case.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls