Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

As Stephen said, couldn’t resist, first cup of coffee- That’s always the question of the day- what is an operator, vendor, researcher? I know “academia” on this list that have more operational experience than some in operator communities. We know in big companies there are so many people - but

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Hi Michael, On 04/12/2020 15:14, Ackermann, Michael wrote: We (Enterprises) are not as involved as we should be in IETF, and that is our own problem/fault. What I think irritates people like Stephen, I'm not irritated at all:-) is that there have been situations where we finally try to get

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Deborah Perhaps my biggest problem is I don’t drink coffee and it is early morning. But let me try anyway. (maybe I will chug a beer). I totally agree with you. We (Enterprises) are not as involved as we should be in IETF, and that is our own problem/fault. What I think irritates people like Step

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Thanks Stephen And I would agree that I or no one else can effectively, officially or otherwise represent ALL ENTERPISES.In many cases (as I think you have witnessed), the very few of us who have showed up at IETF, are even frequently reluctant to represent our OWN Enterprise officiall

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Fri, 4 Dec 2020 14:20 BRUNGARD, DEBORAH A mailto:db3...@att.com>> wrote: > As Stephen said, couldn?t resist, first cup of coffee- > > That?s always the question of the day- what is an operator, vendor, > researcher? > > I know ?academia? on this list that have more operational experience than

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Michael, fundamentally the disconnect here seems to be that the IETF could ever be responsible for helping businesses to figure out how to plan for changes in technology _other_ than by doing work like this. Deprecating old versions of protocols is exactly what the IETF should be doing. This is

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On 04/12/2020 05:32, Rob Sayre wrote: Hi, What is the definition of “enterprise”? You could try the 16 RFC with 'enterprise' in their title such as RFC7381. Perhaps those who use as opposed to operators who provide, those whose business is funded by those who have little or no interest in w

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Dec 4, 2020, at 3:00 PM, Ackermann, Michael wrote: > 1. Enterprises do not expect nor want IETF to be responsible for their > planning for changes in technology.But when IETF decides to change > protocols or deprecate existing technology of any sort, it would be > beneficial to all if o

Re: [TLS] Call for adoption of draft-vvv-tls-cross-sni-resumption

I also support adoption. > On Dec 3, 2020, at 4:17 PM, David Schinazi wrote: > > I support adoption of draft-vvv-tls-cross-sni-resumption. > > David > > On Thu, Dec 3, 2020 at 1:49 PM Salz, Rich > wrote: > > > Hmmm... I think it probably goes in this d

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Thanks Ted And no, I do not think that you do not take this seriously. I think we all appreciate your related thoughts and concerns and I thank you for expressing them. I do think you have misunderstood much of what has been said here.Since that is likely my fault, let me try to clarif

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Dec 4, 2020, at 5:29 PM, Ackermann, Michael wrote: > Regards to the 12 years vs 1-2.12 years is probably too long for just > about anything, once it is determined to be a business need. But that is > the key first step. Then it will likely be a minimum of 1-2 years to get > the ident

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Hi Ted Just some quick general responses, as I still think we have exhausted this list's and subjects attention and are somewhat off the intended topic. Yes, I believe Elliot's suggestions are not only helpful, but understanding of the situation at Enterprises.I just responded to him on t

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Ted Lemon wrote on 04/12/2020 22:47: Why do people buy stuff that’s not upgradeable? Probably because the manufacturer doesn’t give them a choice, and there’s no way to force the choice. The recent discussions about legally requiring firmware-upgradeable IoT devices (e.g. in Singapore) is defin

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Dec 4, 2020, at 19:17, Nick Hilliard wrote: > people don't necessarily buy stuff that's not ungradeable. They buy stuff > which has a support lifetime of finite duration. Same thing. If you’re serious about business continuity, you have an arrangement with the vendor about what happens if t

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

On Fri, Dec 4, 2020 at 4:18 PM Nick Hilliard wrote: > > This shouldn't stop the IETF from formally deprecating standards which > are known to be dysfunctional. > The disconnect might be around the term "operator", which some might read as "wiretap enthusiast". The IETF should of course deprecat