I read the Cloudflare section on middleboxes and I wonder if it was really a good idea for them to go making changes to allow for existing boxes to do that. They are not legitimate parties to a TLS connection and browsers and websites should not have to change how they communicate to deal with their nonsense. They should just break.
On Wed, 7 Mar 2018, 05:05 Pine W, wiki.pine@gmail.com wrote:
I'm no expert on TLS 1.3, but I thought that other folks on Wikitech-l might be interested in the industry news about the subject. The relevant WMF Phabricator task is https://phabricator.wikimedia.org/T170567.
Articles:
- "An Overview of TLS 1.3 – Faster and More Secure":
https://kinsta.com/blog/tls-1-3/
- "Why TLS 1.3 isn't in browsers yet":
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
- "Big banks want to weaken the internet’s underlying security protocol":
https://www.cyberscoop.com/tls-1-3-weakness-financial-industry-ietf/. WMF employees who do advocacy work might be interested in this article, which is why I'm sending this email to WMF Legal.
Regards,
Pine ( https://meta.wikimedia.org/wiki/User:Pine ) _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l