On 6/09/13 21:11 PM, Perry E. Metzger wrote:
On Fri, 6 Sep 2013 18:56:51 +0100 Ben Laurie <b...@links.org> wrote:
The problem is that there's nothing good [in the way of ciphers]
left for TLS < 1.2.
So, lets say in public that the browser vendors have no excuse left
for not going to 1.2.
I hate to be a conspiracy nutter, but it is that kind of week. Anyone
at a browser vendor resisting the move to 1.2 should be viewed with
(Heck, if they're not on the government's payroll, then shame on them
for retarding progress for free. They should at least be charging. And
yes, I'm aware many of the people resisting are probably doing so
without realizing they're harming internet security, but we can no
longer presume that is the motive.)
Chrome handles 1.2, there is no longer any real excuse for the others
not to do the same.
The sentiment I agree with. But the record of such transitions is not good.
E.g., Back in September 2009 Ray & Dispensa discovered a serious bug
with renegotiation in SSL. According to SSL Pulse, it took until around
April of this year  before 80% of the SSL hosts were upgraded to
cover the bug.
Which gives us an OODA response loop of around 3-4 years.
And, that was the best it got -- the SSL community actually cared about
that bug. It gets far worse in stuff that they consider not to be a
bug, such as HTTPS Everywhere, TLS/SNI, MD5, browser security fixes for
phishing, HTTP-better-than-self-signed, HTTPS starting up with its own
self-signed cert, etc, etc.
 it depends on how you measure the 80% mark, though.
PS: More here on OODA loops
The cryptography mailing list