On 06/07/14 20:41, Yaron Sheffer wrote:
> Hmmm, surprisingly the answer to Stephen's question is, essentially no.
> We're now at 60% TLS 1.0-only.

Well, different data sets and all that;-) Ivan's data has
TLS1.2 at 37% in June, but 26% in Jan. But yeah, I'd have
guessed there'd be more of a bump.

S.

PS: Ivan - thanks for your site/data! I think it's great. If
I were to ask for something more, I'd say the ability to see
the graphs for how things change over time and/or the ability
to export the data (as a csv or whatever) would be nice additions.

>
> Thanks,
>     Yaron
>
> On 07/06/2014 10:35 PM, Ivan Ristić wrote:
>> On 06/07/2014 20:31, Stephen Farrell wrote:
>>>
>>> On 06/07/14 20:29, Yaron Sheffer wrote:
>>>> Adding some data to my previous mail:
>>>>
>>>> As of Jan. 2014, 65% of the top 1M Web servers did not speak TLS 1.1 or
>>>> 1.2 [1]. So while we should move implementations to TLS 1.2 (as we do in
>>>> this draft), it is probably too early to mandate against the fallback to
>>>> TLS 1.0.
>>>
>>> I wonder if that's changed post-heartbleed? I suspect it may well
>>> have but no idea by how much. Anyone know?
>>
>> Monthly stats are available from SSL Pulse:
>>
>> https://www.trustworthyinternet.org/ssl-pulse/
>>
>> There might be some problems currently when viewing the site in Firefox
>> on Windows. Please use another browser if you can. I'll report the
>> problem.
>>
>> If you'd like to see some stats that are currently not available, let me
>> know. CVE-2014-0224 stats will be available in a couple of days.
>>
>>> S.
>>>
>>>>
>>>> Thanks,
>>>>     Yaron
>>>>
>>>> [1] https://jve.linuxwall.info/blog/index.php?post/TLS_Survey
>>>>
>>>> On 07/06/2014 10:09 PM, Yaron Sheffer wrote:
>>>>> Hi Trevor, thanks for your review. Please see my comments in line.
>>>>>
>>>>> On 06/30/2014 09:11 PM, Trevor Freeman wrote:
>>>>>> General Comments.
>>>>>>
>>>> [...]
>>>>
>>>>>>
>>>>>> Section 3.2 still treats SSL 3.0 differently to TLS 1.0. Why is it ok to
>>>>>> fall back to TLS 1.0 but not SSL 3.0 if both offer the same security?
>>>>>
>>>>> This is a good question. I believe the answer is, because much of the
>>>>> server population still only supports TLS 1.0, and if we recommend
>>>>> otherwise, the recommendation will be ignored for (justified)
>>>>> interoperability reasons. But I may be wrong about the prevalence of
>>>>> such servers.
>>>>>
>>>> [...]
>>>>
>>>> _______________________________________________
>>>> Uta mailing list
>>>> [email protected]
>>>> https://www.ietf.org/mailman/listinfo/uta
