I read the Cloudflare section on middleboxes and I wonder if it was really
a good idea for them to go making changes to allow for existing boxes to do
that. They are not legitimate parties to a TLS connection and browsers and
websites should not have to change how they communicate to deal with their
nonsense. They should just break.
On Wed, 7 Mar 2018, 05:05 Pine W, <wiki.pine(a)gmail.com> wrote:
I'm no expert on TLS 1.3, but I thought that other
folks on Wikitech-l
might be interested in the industry news about the subject. The relevant
WMF Phabricator task is
https://phabricator.wikimedia.org/T170567.
Articles:
* "An Overview of TLS 1.3 – Faster and More Secure":
https://kinsta.com/blog/tls-1-3/
* "Why TLS 1.3 isn't in browsers yet":
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
* "Big banks want to weaken the internet’s underlying security protocol":
https://www.cyberscoop.com/tls-1-3-weakness-financial-industry-ietf/. WMF
employees who do advocacy work might be interested in this article, which
is why I'm sending this email to WMF Legal.
Regards,
Pine
(
https://meta.wikimedia.org/wiki/User:Pine )
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l