Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Dec 2, 2020, at 11:00 AM, Ted Lemon <mellon@xxxxxxxxx> wrote:
The situation right now is that it’s been known for a long time that RC4 and MD5 are not safe to use. Your vendors have known about this for a long time. If they do not have a roll-out plan for software that corrects the problem, you have chosen the wrong vendors. Look at your agreements with them. Are they honoring them? If not, you have recourse. If you didn’t contract with them to anticipate change, it’s time to go fix that.

Sorry, I was talking about the wrong document. But the point is the same. If you are using TLS 1.0 or TLS 1.1, your vendors should long since have offered you an upgrade path. If they haven’t, you chose the wrong vendors. Get to work on fixing that now, rather than complaining to us. A failure to plan on your part does not constitute an emergency on our part.


-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux