For me, the question is TLS-LTS or TLS 1.3. If TLS-LTS is a bug fix,
then what bugs does it fix that cannot be fixed without defining a new
extension? If it were replaced with a guidance document that said
clients and servers MUST only support cipher suites X, Y, and Z, MUST
support encrypt-then-MAC and extended master secret, MUST only
offer/support P-256 for ECDH and RFC 7919 groups for FFDH, etc., what
bugs would still remain that TLS-LTS fixes?
On 11/26/24 6:37 AM, Salz, Rich wrote:
> The draft isn't a minor change: it makes handshake and record
> layer changes so everyone would need to install new software and
> suffer similar compat issues as with a 1.3 update.
>
> Compare a diff for this versus a 1.3 implementation. The latter is huge.
> Also, the former can be considered as a bugfix that closes security holes. TLS
> 1.3 also fixes things, but it's not really just a bugfix.
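The "guidance document" alternative sketched above can be enforced mechanically: a server (or a scanner) can parse a TLS 1.2 ClientHello and reject any offer that falls outside the profile. The checker below is an added example written for this message, not code from the thread, from TLS-LTS or from any TLS library. The profile's cipher suites stand in for the "X, Y, and Z" in the message and are an assumption; the extension and group code points are the IANA values (encrypt_then_mac = 22 per RFC 7366, extended_master_secret = 23 per RFC 7627, secp256r1 = 23, ffdhe2048..ffdhe8192 = 256..260 per RFC 7919). The two ClientHello messages are constructed inline so the example runs offline.

```python
"""Check a TLS 1.2 ClientHello against a restricted 'guidance profile' (added example)."""
import struct

# Profile: the allowed cipher suites are an assumption standing in for "X, Y, and Z".
ALLOWED_SUITES = {
    0xC02B,  # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    0xC02F,  # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    0x009E,  # TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
}
EXT_SUPPORTED_GROUPS = 10        # RFC 8422 / RFC 7919 supported_groups
EXT_ENCRYPT_THEN_MAC = 22        # RFC 7366
EXT_EXTENDED_MASTER_SECRET = 23  # RFC 7627
SECP256R1 = 23                   # P-256
FFDHE_GROUPS = {256, 257, 258, 259, 260}  # RFC 7919 ffdhe2048..ffdhe8192
ALLOWED_GROUPS = {SECP256R1} | FFDHE_GROUPS


def parse_client_hello(body: bytes) -> dict:
    """Parse a ClientHello body (the bytes after the 4-byte handshake header)."""
    off = 0
    version = struct.unpack_from("!H", body, off)[0]; off += 2
    off += 32                                   # random
    sid_len = body[off]; off += 1 + sid_len     # session_id
    cs_len = struct.unpack_from("!H", body, off)[0]; off += 2
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    comp_len = body[off]; off += 1 + comp_len   # compression_methods
    exts = {}
    if off < len(body):                         # extensions block is optional
        ext_len = struct.unpack_from("!H", body, off)[0]; off += 2
        end = off + ext_len
        while off < end:
            etype, elen = struct.unpack_from("!HH", body, off); off += 4
            exts[etype] = body[off:off + elen]; off += elen
    return {"version": version, "suites": suites, "extensions": exts}


def parse_groups(data: bytes) -> list:
    """Decode the NamedGroup list carried in a supported_groups extension."""
    n = struct.unpack_from("!H", data, 0)[0]
    return [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]


def check_profile(hello: dict) -> list:
    """Return the list of profile violations (empty list means the offer complies)."""
    violations = []
    for s in hello["suites"]:
        if s not in ALLOWED_SUITES:
            violations.append(f"cipher suite 0x{s:04X} not in profile")
    if EXT_ENCRYPT_THEN_MAC not in hello["extensions"]:
        violations.append("encrypt_then_mac extension missing")
    if EXT_EXTENDED_MASTER_SECRET not in hello["extensions"]:
        violations.append("extended_master_secret extension missing")
    groups = hello["extensions"].get(EXT_SUPPORTED_GROUPS)
    if groups is None:
        violations.append("supported_groups extension missing")
    else:
        for g in parse_groups(groups):
            if g not in ALLOWED_GROUPS:
                violations.append(f"named group {g} not in profile")
    return violations


def build_client_hello(suites, groups, extra_exts) -> bytes:
    """Build a minimal TLS 1.2 ClientHello body (constructed test input, all-zero random)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # suites, null compression
    grp = b"".join(struct.pack("!H", g) for g in groups)
    exts = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(grp) + 2) + struct.pack("!H", len(grp)) + grp
    for t in extra_exts:
        exts += struct.pack("!HH", t, 0)            # empty-bodied extensions
    return body + struct.pack("!H", len(exts)) + exts


# Constructed samples: one inside the profile, one that offers a CBC suite,
# X25519 (group 29) and omits extended_master_secret.
COMPLIANT = build_client_hello([0xC02B, 0xC02F], [SECP256R1, 256],
                               [EXT_ENCRYPT_THEN_MAC, EXT_EXTENDED_MASTER_SECRET])
NONCOMPLIANT = build_client_hello([0xC02B, 0xC013], [SECP256R1, 29], [EXT_ENCRYPT_THEN_MAC])

if __name__ == "__main__":
    for name, raw in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, check_profile(parse_client_hello(raw)) or "OK")
```

Run as a script it reports `OK` for the first hello and three violations for the second. The point of the exercise is the one the message makes: everything the profile demands is expressible with existing code points and a policy check, so no new extension is needed to enforce it; what such a check cannot do is change the handshake or record layer itself.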
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]