This draft contains substantial omissions in section 3. Nothing in TLS 1.3 prevents scanning for servers and examining the certificates they present. Nothing in TLS 1.3 prevents using reverse proxies to provide WAF functionality. PCI-DSS compliance is not at odds with deploying TLS 1.3. In fact the citation to A2 is to a sun-setting of all pre TLS 1.2 versions for point of sale terminals. I really don't see where the conflict exists since all ciphers in 1.3 are secure.
The absence of these solutions means the draft overstates the impact of the increased protection TLS 1.3 provides. It's disappointing to see sustained and persistent opposition to encryption and privacy despite multiple RFCs saying that yes we should encrypt all the things. On Tue, Jul 23, 2019, 8:08 AM Bret Jordan <jordan.i...@gmail.com> wrote: > Nancy, > > I support this work and think this draft should be published. This is a > yet another good write up on some of the requirements that are needed for > operational security. > > Thanks, > Bret > PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 > "Without cryptography vihv vivc ce xhrnrw, however, the only thing that > can not be unscrambled is an egg." > > On Jul 21, 2019, at 9:51 AM, Nancy Cam-Winget (ncamwing) < > ncamw...@cisco.com> wrote: > > Hi, > Thanks to all the feedback provided, we have updated the > https://tools.ietf.org/html/draft-camwinget-tls-use-cases-04 > draft. At this point, we believe the draft is stable and would like to > request its publication as an informational draft. > > Warm regards, > Nancy > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls