Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2 Dec 2020, at 11:37, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx> wrote:

Eliot Lear <lear@xxxxxxxxx> writes:

If a device can be at all critical (and even if it isn’t), then it should be
upgraded or replaced.

The fact that many of these devices are extremely critical is precisely why
they're never replaced or upgraded, because they can't be taken out of
production.

 I am well aware of vast amounts of insecure systems being out in the wild, up to and including pace makers.  Being critical doesn’t make them any more secure, and we shouldn’t say otherwise.  They are at risk, and we should say so, and not excuse them.

If we want to have operational guidance around how to handle insecure devices, I am ok with that.  Those might include secure facilities, application aware proxies, and other aspects, but I am not sure that is this document.

Eliot

Attachment: signature.asc
Description: Message signed with OpenPGP

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux