On 18/09/2018 19:11, Salz, Rich via openssl-users wrote:
My point was about the likelihood of last-draft browsers lingeringon in the real world for some time (like 1 to 3 years) after the TLS1.3-final browser versions ship.I do not think this is a concern. Chrome and FF auto-update and get almost full coverage within a month or two, for example. Edge hasn't shipped TLS 1.3 yet. Safari encourages auto-update. That's most of the browser market.
While I have already accepted the infeasibility of adding this to OpenSSL, I will have to emphasize that your argument has a serious flaw: The users who delay or block automatic updates tend to greatly overlap with the users who actively block remote telemetry of their update habits, thus skewing such statistics of "get almost full coverage within a month or two". Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
