Re: [Last-Call] Next steps on Deprecation/Obsolescence of TLS 1.0/1.1 Re: [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Sun, Dec 6, 2020 at 6:08 PM Michael Richardson <mcr+ietf@xxxxxxxxxxxx> wrote:

EXECSUM: publish. We waited too long for this.

Eric Rescorla <ekr@xxxxxxxx> wrote:
    > The general story is the same: there is increasing but far from
    > universal support for TLS 1.3 and nearly universal TLS 1.2
    > support. For instance Qualys shows 99% of Web sites
    > supporting TLS 1.2 and the vast majority of measured connections
    > look like they are 1.2 or above (eyeballing at a percent or two)

That's totally public web centric.

I read somewhere that a significant portion of TLS traffic is b2b, and
doesn't show up as "web sites".  I'm sorry, I don't have a reference, I'd
have to dig through bookmarks for a few hours.

This survey can't measure the thousands of devices that are stuck at TLS 1.0,
because the vendors abandoned ("EOL") them in 2016 without releasing anything
significant since 2010.

For instance, two entire generations of "managed" SOHO 10/100/1000 switches.
Still perfectly serviceable.... until the browser interface fails because the
browsers decide, based upon the above survey, to move on.

We didn't make our decisions based on this survey. We based them on our own
measurements of how much TLS traffic < 1.2 we were seeing, which also includes
the non-public Web. If you look upthread you'll see Eliot complaining that that's
too Firefox centric, so I provided the papers listed above.

-Ekr

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
