Stephen Farrell <stephen.farrell@xxxxxxxxx> writes:

>In earlier iterations of the draft we included some survey results for TLS
>version usage in web, mail and OSes. I think your argument to special-case
>embedded systems or systems without s/w update would be a lot stronger if you
>or someone else had data to offer about the prevalence of these systems and
>the TLS versions they support.

That's more or less impossible since they're invisible to the public Internet. Or at least they're supposed to be, large numbers of them are publicly visible when they shouldn't be, but in any case at best you're going to get a lot of anecdotal evidence rather than anything comprehensive.

However I think your comment points out the overall problem:

  usage in web, mail and OSes

This means there's no consideration at all of use in embedded/SCADA/whatever. So I think the text should include wording to the effect that it applies to public Internet use but not to embedded/SCADA/etc for which very different considerations apply.

For example the issue in the previous message with regard to the CA/B BR is mutually exclusive with embedded use, systems like that will pretty much never see a cert from a CA/B CA. Conversely, they'll have certs for RFC 1918 addresses and EUIs and whatnot which shouldn't (but probably have been) issued by public CAs.

Peter.

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call