Before you leave, there are a number of questions still unanswered.

1. Can this draft enable an active attacker to modify traffic? If not, then how is that prevented?
2. Can this draft be used to segregate traffic so that only those willing to be intercepted can be handled separately from those unwilling?
3. Do you think that this draft will require zero changes to your infrastructure? How does that cost estimate compare with, say, the server just sending the PFS session key to the infrastructure?
4. What percentage of traffic in your enterprise is TLS 1.2 now? (Yes, that’s a new question, I admit.)
5. When do you think you will “have” to move to TLS 1.3? Round it to, say, five years.
6. What is the justification for this approach, other than you think it will be a “hard sell” to convince executives to do the work needed? I’ve seen no other reasons discussed and am curious to see how this response and #3 align.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls