Salz, Rich <rsalz=40akamai....@dmarc.ietf.org> writes: > My starting assumption here is that the majority of people implementing > TLS and/or deciding what to authorize for deployment TLS-wise, are not > stupid, and understand the benefits of the newer protocol version, > including its added security. And capable of evaluating the risks of > moving to TLS 1.3 vs. staying with 1.2. > >That is a much nicer and broader brush than one I am willing to use to paint >the IT industry.
The near-universal thing I've run into is "our customers have read about this thing called TLS 1.3. 3 is bigger than 2 and they want some 3". Seriously. More generally, the request is phrased as "our customers are saying that our X can't talk to their Y. We need to make our X talk to their Y" (Y could be a 20-year-old buggy version of SSH, it's not necessarily newer stuff, just stuff that isn't currently handled). Technically the "capable of evaluating the risks" is accurate in that if they don't get some 3 there's the real risk that their customers will complain, but that's probably not what the OP was thinking about. Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
