- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 21 Sep 2011 15:25:31 +0200
- To: WebID XG <public-xg-webid@w3.org>
On 21 Sep 2011, at 11:51, Henry Story wrote: > > On 21 Sep 2011, at 10:22, Nathan wrote: > >> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ > > It looks like the pressure is growing to get all browsers to support TLS 1.2. Clearly until they do switching is difficult for web sites. A non Verified Account of a user called Ben Laurie, who has the same name as a person interested in security at Google said on g+ to support an argument that the above issue was a non-problem and that there are easier solutions than moving to TLS 1.2 [1]: <quote> • I am not at liberty to discuss details until Duong and Rizzo give their talk, but I have looked into this for OpenSSL. So, more soon! However, unless they have something they're not telling me, they don't have much. • OpenSSL 1.0.1 supports TLS 1.1 and 1.2. • It isn't clear that all the churn in 1.2 is actually desirable. </quote> So for what that is worth, a piece of a puzzle that might raise a few questions. Henry [1] https://plus.google.com/109693896432057207496/posts/D4JN2NmQzjj Social Web Architect http://bblfish.net/
Received on Wednesday, 21 September 2011 13:26:12 UTC