Rob Sayre <sayrer@xxxxxxxxx> writes:

>I don't understand your rationale here, though.

If you've got existing systems with implemented, tested, and in-production TLS 1.2 stacks then the motivation to do a completely new TLS stack that does more or less the same thing as the old one but requires twice the code space (since it'll have to run alongside the old stack) and, usually, a truck roll to upgrade each system using it, is minimal if not zero. Thus there are many systems that will probably stay with 1.2 more or less forever.

(This skips a lot of detail, e.g. if you've got a 10-20 year upgrade cycle then newer systems that have the resources for it may do dual-stack, but since they have to operate in an environment where everything else is on 1.2 or earlier they can't afford to drop 1.2. Even with newly-developed systems if you've got limited code space and have to choose between either 1.2 or 1.3, it'll be "stay with 1.2").

Peter.

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call