Wikipedia deprecated 1.0 and 1.1 on Jan 1, 2020.
Apple, Google, Microsoft, and Mozilla are all deprecating 1.0 and 1.1 in
their browsers by March 2020. Chrome will start showing warnings about 1.0
and 1.1 I think next week?
This isn't an assault on the free flow of information.
On Tue, Dec 31,
Not having available for use, yes. But mandating it?
On Mon, Jan 6, 2020 at 3:58 AM Yang Yu wrote:
>
> On Tue, Dec 31, 2019 at 4:17 AM Keith Medcalf wrote:
> > I am curious -- what exactly are those "obvious reasons"? (And for the
> > record HTTP *IS* being used, it is just being tunneled
?
--
Jim Goltz
HHS/NIH/CIT/Network Services
-Original Message-
From: John Adams
Sent: Tuesday, 31 December, 2019 05:05
To: Matt Hoppes
Cc: Constantine A. Murenin ; North American Network
Operators' Group
Subject: Re: Wikipedia drops support for old Android smartphones; mandates
On Tue, Dec 31, 2019 at 08:45:11AM -0500, Jared Mauch wrote:
>
>
> > On Dec 31, 2019, at 8:37 AM, Mike Hammett wrote:
> >
> > Silicon Valley is typically out of touch with reality.
> >
[...]
> If I have an old tablet that my kids use to do wikipedia and are now
> locked out, that’s forcing an
On Tue, Dec 31, 2019 at 4:17 AM Keith Medcalf wrote:
> I am curious -- what exactly are those "obvious reasons"? (And for the
> record HTTP *IS* being used, it is just being tunneled inside a TLS
> connection).
For a popular site, it would be doing a disservice to its customers by
not using
On 12/31/19 08:25, Seth Mattinen wrote:
> On 12/31/19 8:10 AM, joel jaeggli wrote:
>> Argumentation on the basis of a tu quoque fallacy doesn't really add
>> much to the dicussion. Depreciating potentialy dangerous and definitely
>> obsolete protocols does not make you a hypocrite.
>
>
> Then
On Tue, Dec 31, 2019 at 7:46 AM Matt Harris wrote:
>
> On Tue, Dec 31, 2019 at 10:34 AM Royce Williams
> wrote:
>
>> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote:
>>
>>>
>>> The better solution here isn't to continue to support known-flawed
>>> protocols, which perhaps puts those same
On Dec 31, 2019, at 00:30, Matt Hoppes
wrote:
Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work why
not either let it fall back to 1.0 or to HTTP.
This seems like security for no valid reason.
On Dec 31, 2019, at 04:04, John Adams wrote:
because no one should
On Tue, Dec 31, 2019 at 17:26 Seth Mattinen wrote:
> On 12/31/19 8:10 AM, joel jaeggli wrote:
> > Argumentation on the basis of a tu quoque fallacy doesn't really add
> > much to the dicussion. Depreciating potentialy dangerous and definitely
> > obsolete protocols does not make you a hypocrite.
On Tue, Dec 31, 2019 at 10:34 AM Royce Williams
wrote:
> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote:
>
>>
>> The better solution here isn't to continue to support known-flawed
>> protocols, which perhaps puts those same populations you're referring to
>> here at greatest risk, but rather
On Tue, Dec 31, 2019 at 7:32 AM Royce Williams
wrote:
> On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote:
>
>> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote:
>>
>>> On 12/31/19 12:50 AM, Ryan Hamel wrote:
>>> > Just let the old platforms ride off into the sunset as originally
>>> >
No one mentioned the passwords need to be encrypted?
Why have an old encryption method that isn't secure?
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Tue, Dec 31, 2019 at 11:34 AM Royce Williams
wrote:
> On Tue, Dec 31, 2019 at 7:17 AM
On Tue, Dec 31, 2019 at 7:17 AM Matt Harris wrote:
> On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote:
>
>> On 12/31/19 12:50 AM, Ryan Hamel wrote:
>> > Just let the old platforms ride off into the sunset as originally
>> > planned like the SSL implementations in older JRE installs, XP, etc.
There are really two arguments here.
1. TLSv1.0 is insecure and should never be used in an HTTPS scenario - cant
argue with this
2. Alot of static content sites are forcing HTTPS even though “technically”
there is nothing that needs to be secured in transit - this is where the
argument lies.
On 12/31/19 8:10 AM, joel jaeggli wrote:
Argumentation on the basis of a tu quoque fallacy doesn't really add
much to the dicussion. Depreciating potentialy dangerous and definitely
obsolete protocols does not make you a hypocrite.
Then how about privilege?
If someone is living in a
joel jaeggli wrote on 31/12/2019 18:10:
TLS1.0 is genuinely hard to support at this point. Doing so limits the
tooling you can use, It limits the CDNs that you can use. It forces you
to use obsolete codes bases.
not just that, TLS 1.2 has been around since 2008, i.e. 1 month before
android
On Tue, Dec 31, 2019 at 9:11 AM Seth Mattinen wrote:
> On 12/31/19 12:50 AM, Ryan Hamel wrote:
> > Just let the old platforms ride off into the sunset as originally
> > planned like the SSL implementations in older JRE installs, XP, etc. You
> > shouldn't be holding onto the past.
>
>
> Because
On Tue, Dec 31, 2019 at 6:12 AM Seth Mattinen wrote:
> On 12/31/19 12:50 AM, Ryan Hamel wrote:
> > Just let the old platforms ride off into the sunset as originally
> > planned like the SSL implementations in older JRE installs, XP, etc. You
> > shouldn't be holding onto the past.
>
>
> Because
On 12/31/19 07:10, Seth Mattinen wrote:
> On 12/31/19 12:50 AM, Ryan Hamel wrote:
>> Just let the old platforms ride off into the sunset as originally
>> planned like the SSL implementations in older JRE installs, XP, etc.
>> You shouldn't be holding onto the past.
>
>
> Because poor people
://www.midwest-ix.com
- Original Message -
From: "Matt Harris"
To: "Matt Hoppes"
Cc: "Constantine A. Murenin" , "North American Network
Operators' Group"
Sent: Tuesday, December 31, 2019 10:02:26 AM
Subject: Re: Wikipedia drops support for ol
On Tue, Dec 31, 2019 at 2:30 AM Matt Hoppes <
mattli...@rivervalleyinternet.net> wrote:
> Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t
> work why not either let it fall back to 1.0 or to HTTP.
>
> This seems like security for no valid reason.
Being able to authenticate
I still don’t see any multi-million dollar donation receipts though..
So if we want to do this, do we sacrifice security for the 99.9% or do we have
Wikimedia pay the bill?
Oh, BTW, I have some network equipment with only 16-bit ASN support, or no
large communities, or no IPv6, or no AES, or
On 12/31/19 12:50 AM, Ryan Hamel wrote:
Just let the old platforms ride off into the sunset as originally
planned like the SSL implementations in older JRE installs, XP, etc. You
shouldn't be holding onto the past.
Because poor people anywhere on earth that might not have access to the
> On Dec 31, 2019, at 8:37 AM, Mike Hammett wrote:
>
> Silicon Valley is typically out of touch with reality.
>
I think this is a bit over the top and troll-ish but there is a big thing going
on in circles where transport integrity and secrecy are tied together when it’s
not necessary.
tt Hoppes"
Cc: "Constantine A. Murenin" , "North American Network
Operators' Group"
Sent: Tuesday, December 31, 2019 4:04:54 AM
Subject: Re: Wikipedia drops support for old Android smartphones; mandates
TLSv1.2 to read
because no one should know what you read about
ot;North American Network Operators' Group"
Sent: Tuesday, December 31, 2019 2:50:55 AM
Subject: Re: Wikipedia drops support for old Android smartphones; mandates
TLSv1.2 to read
Just let the old platforms ride off into the sunset as originally planned like
the SSL implementations in ol
nthal via NANOG"
To: "John Adams"
Cc: "Constantine A. Murenin" , "North American Network
Operators' Group"
Sent: Tuesday, December 31, 2019 5:30:58 AM
Subject: Re: Wikipedia drops support for old Android smartphones; mandates
TLSv1.2 to read
...
, December 31, 2019 3:47:58 AM
Subject: Re: Wikipedia drops support for old Android smartphones; mandates
TLSv1.2 to read
Ignoring the obvious reasons why TLS is needed and HTTP should not be used, I
guess people who want an HTTP version of Wikipedia that is read-only and
knowingly insecure, censorabl
Silicon Valley is typically out of touch with reality.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Constantine A. Murenin"
To: "North American Network Operators' Group"
Sent:
On Tuesday, 31 December, 2019 04:44, Constantine A. Murenin
wrote:
>Just to make it clear: are you suggesting that it should be a requirement
>to always verify the site where anonymous people make anonymous edits?
>Let that sink in.
TLS 1.2 as deployed in Web Browsers does not authenticate
On Tuesday, 31 December, 2019 02:48, Antonios Chariton
wrote:
>Ignoring the obvious reasons why TLS is needed and HTTP should not be
>used,
I am curious -- what exactly are those "obvious reasons"? (And for the record
HTTP *IS* being used, it is just being tunneled inside a TLS
Just to make it clear: are you suggesting that it should be a requirement
to always verify the site where anonymous people make anonymous edits? Let
that sink in.
C.
On Tue, 31 Dec 2019 at 05:31, J. Hellenthal wrote:
> ... because you should be able to verify the site you are at is actually
>
Well, that would be nothing, because they're blocking your device from
having any access.
C.
On Tue, 31 Dec 2019 at 04:04, John Adams wrote:
> because no one should know what you read about or check out at wikipedia
>
> Sent from my iPhone
>
> > On Dec 31, 2019, at 00:30, Matt Hoppes <
>
... because you should be able to verify the site you are at is actually the
site you intended to be at...
Let the old crap go. Besides the sheer amount of ppl left that have the older
phones most likely are not going to Wikipedia anyway.
--
J. Hellenthal
The fact that there's a highway to
because no one should know what you read about or check out at wikipedia
Sent from my iPhone
> On Dec 31, 2019, at 00:30, Matt Hoppes
> wrote:
>
> Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work
> why not either let it fall back to 1.0 or to HTTP.
>
> This
Ignoring the obvious reasons why TLS is needed and HTTP should not be used, I
guess people who want an HTTP version of Wikipedia that is read-only and
knowingly insecure, censorable, modifiable, etc. can donate a few million
dollars to the Wikimedia Foundation, before the tax year is over, for
Just let the old platforms ride off into the sunset as originally planned
like the SSL implementations in older JRE installs, XP, etc. You shouldn't
be holding onto the past.
Ryan
On Tue, Dec 31, 2019, 12:41 AM Constantine A. Murenin
wrote:
> On Tue, 31 Dec 2019 at 02:29, Matt Hoppes <
>
On Tue, 31 Dec 2019 at 02:29, Matt Hoppes
wrote:
> Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t
> work why not either let it fall back to 1.0 or to HTTP.
>
> This seems like security for no valid reason.
Exactly. I used the wording from their own page; but I think
Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work why
not either let it fall back to 1.0 or to HTTP.
This seems like security for no valid reason.
On Tue, 31 Dec 2019 at 01:40, Quan Zhou wrote:
>
> On 12/31/19 15:34, Constantine A. Murenin wrote:
> > removing support for insecure TLS protocol versions, specifically
> > TLSv1.0 and TLSv1.1
>
> This is actually a good thing. There are many *valid technical reasons*
> behind this. You should
On 12/31/19 15:34, Constantine A. Murenin wrote:
removing support for insecure TLS protocol versions, specifically
TLSv1.0 and TLSv1.1
This is actually a good thing. There are many *valid technical reasons*
behind this. You should do this too.
41 matches
Mail list logo