On 06/07/2014 20:31, Stephen Farrell wrote: > > > On 06/07/14 20:29, Yaron Sheffer wrote: >> Adding some data to my previous mail: >> >> As of Jan. 2014, 65% of the top 1M Web servers did not speak TLS 1.1 or >> 1.2 [1]. So while we should move implementations to TLS 1.2 (as we do in >> this draft), it is probably too early to mandate against the fallback to >> TLS 1.0. > > I wonder if that's changed post-heartbleed? I suspect it may well > have but no idea by how much. Anyone know?
Monthly stats are available from SSL Pulse: https://www.trustworthyinternet.org/ssl-pulse/ There might be some problems currently when viewing the site in Firefox on Windows. Please use another browser if you can. I'll report the problem. If you'd like to see some stats that are currently not available, let me know. CVE-2014-0224 stats will be available in a couple of days. > S. > >> >> Thanks, >> Yaron >> >> [1] https://jve.linuxwall.info/blog/index.php?post/TLS_Survey >> >> On 07/06/2014 10:09 PM, Yaron Sheffer wrote: >>> Hi Trevor, thanks for your review. Please see my comments in line. >>> >>> On 06/30/2014 09:11 PM, Trevor Freeman wrote: >>>> General Comments. >>>> >> [...] >> >>>> >>>> Section 3.2 still treats SSL 3.0 differently to TLS 1.0. Why is it ok to >>>> fall back to TLS 1.0 but not SSL 3.0 if both offer the same security? >>> >>> This is a good question. I believe the answer is, because much of the >>> server population still only supports TLS 1.0, and if we recommend >>> otherwise, the recommendation will be ignored for (justified) >>> interoperability reasons. But I may be wrong about the prevalence of >>> such servers. >>> >> [...] >> >> _______________________________________________ >> Uta mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/uta >> >> > > _______________________________________________ > Uta mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/uta > -- Ivan _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
