Three month spec freeze
Jason McBrayer
jmcbray at carcosa.net
Wed Jun 3 19:08:44 BST 2020

plugd <plugd at thelambdalab.xyz> writes:
> Petite Abeille writes:
>> ❸ mandate >= TLS 1.3. Drop legacy support.
>>
>> Rationale: no point dragging the burden of the past into the future.
>> Gemini's innovative take on TLS deserves a modern foundation.
>
> Is this really necessary? What's so awesome about 1.3 from a
> layperson's perspective? I'm honestly asking, not just trying to be
> contrary. I worry this would increase the difficulty of compliance
> without a real qualitative benefit. (Also, I think this would
> immediately break my server, so I'm biased. :-) )

I think it would break my server, too. I'm using a library that supports
1.3, but my previous attempts to force it to use only 1.3 were
unsuccessful.

There are several benefits to TLS 1.3, though. There are fewer options,
and thus fewer ways to mess up, and less legacy stuff to support. From
an end-user perspective, the main benefit is 0-RTT session resumption.
That's especially beneficial for us Geminauts, because we don't do
connection keep-alive, and pay the price of a TLS negotiation every
time.
--
+-----------------------------------------------------------+
| Jason F. McBrayer jmcbray at carcosa.net |
| If someone conquers a thousand times a thousand others in |
| battle, and someone else conquers himself, the latter one |
| is the greatest of all conquerors. --- The Dhammapada |
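
Added example, not part of the original message and not the author's server code: in Go's crypto/tls, the version floor debated in this thread is the single `MinVersion` field, and the in-memory handshake below shows what a client limited to TLS 1.2 gets when the server sets that floor to 1.3. The `Negotiate` helper, the throwaway certificate and the host name `gemini.example` are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway self-signed certificate (constructed sample).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "gemini.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// Negotiate runs one handshake over an in-memory pipe and returns the agreed version or the client's error.
func Negotiate(serverMin, clientMax uint16) (uint16, error) {
	cEnd, sEnd := net.Pipe()
	defer cEnd.Close()
	srv := tls.Server(sEnd, &tls.Config{
		Certificates:           []tls.Certificate{selfSigned()},
		MinVersion:             serverMin, // the version floor; tls.VersionTLS13 refuses older clients
		SessionTicketsDisabled: true,      // demo only: keeps the unbuffered pipe from stalling on ticket writes
	})
	go func() { srv.Handshake(); sEnd.Close() }()
	cli := tls.Client(cEnd, &tls.Config{
		InsecureSkipVerify: true, // demo only: a real client verifies or pins the certificate
		MaxVersion:         clientMax,
	})
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	fmt.Println(Negotiate(tls.VersionTLS13, tls.VersionTLS12)) // legacy client: handshake error
	fmt.Println(Negotiate(tls.VersionTLS13, tls.VersionTLS13)) // modern client: 772 (0x0304)
}
```

The refused client sees a `protocol version not supported` alert rather than a silent downgrade, which is the behaviour to check for when testing whether a library really enforces a 1.3-only floor.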