Let's not forget defense 0: migrating away from broken algorithms
(which means turning them off). The fact that we didn't switch MTI
away from RSA encryption in TLS 1.1 after these attacks were
disclosed, or even in TLS 1.2, means that we've got a very long time
before some sites can turn off these algorithms. Given that some
places can't turn off SSL v3, it's not clear we can ever turn off a
widely implemented protocol.

Sincerely,
Watson Ladd

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
