> On 2 Dec 2020, at 11:44, Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx> wrote: > > > It's actually the complete opposite, they will have every difficulty in doing > so. You've got systems engineers whose job it is to keep things running at > all costs, or where the effort to replace/upgrade is almost insurmountable, > who now have to deal with pronouncements from standards groups that insist > they not keep things running. I don't know where you get this idea that this > will cause "no difficulty" from, it's a source of endless difficulty and > frustration due to the clash between "we can't replace or upgrade these > systems at the moment" and "there's some document that's just popped up > that says we need to take them out of production and replace them”. That is as it should be. Let everyone understand the risks and make informed decisions. This draft does an excellent job at laying out the vulnerabilities in TLS 1.0 and 1.1. What it cannot do is adjudicate risk in every situation. If someone has done so and decided that the risk is acceptable, very well. They went in eyes wide open, and Stephen and friends helped. Eliot
Attachment:
signature.asc
Description: Message signed with OpenPGP
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call