Re: [Uta] TLS BCP 01 Draft

Sun, 06 Jul 2014 12:41:58 -0700

Hmmm, surprisingly the answer to Stephen's question is, essentially no. We're now at 60% TLS 1.0-only. 

Thanks,
        Yaron

On 07/06/2014 10:35 PM, Ivan Ristić wrote:

On 06/07/2014 20:31, Stephen Farrell wrote:



On 06/07/14 20:29, Yaron Sheffer wrote:

Adding some data to my previous mail:

As of Jan. 2014, 65% of the top 1M Web servers did not speak TLS 1.1 or
1.2 [1]. So while we should move implementations to TLS 1.2 (as we do in
this draft), it is probably too early to mandate against the fallback to
TLS 1.0.


I wonder if that's changed post-heartbleed? I suspect it may well
have but no idea by how much. Anyone know?


Monthly stats are available from SSL Pulse:

   https://www.trustworthyinternet.org/ssl-pulse/

There might be some problems currently when viewing the site in Firefox
on Windows. Please use another browser if you can. I'll report the problem.

If you'd like to see some stats that are currently not available, let me
know. CVE-2014-0224 stats will be available in a couple of days.




S.



Thanks,
     Yaron

[1] https://jve.linuxwall.info/blog/index.php?post/TLS_Survey

On 07/06/2014 10:09 PM, Yaron Sheffer wrote:

Hi Trevor, thanks for your review. Please see my comments in line.

On 06/30/2014 09:11 PM, Trevor Freeman wrote:

General Comments.


[...]



Section 3.2 still treats SSL 3.0 differently to TLS 1.0. Why is it ok to
fall back to TLS 1.0 but not SSL 3.0 if both offer the same security?


This is a good question. I believe the answer is, because much of the
server population still only supports TLS 1.0, and if we recommend
otherwise, the recommendation will be ignored for (justified)
interoperability reasons. But I may be wrong about the prevalence of
such servers.


[...]

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta




_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta






_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta

Reply via email to