Stephen, > I'd love to add more detail like that and/or more sections for other protocols if folks have data to offer with references.
I believe that I can reach out to various people I know. Please comment if my methodology is acceptable and if you think this will be helpful. I am thinking the following: Location: U.S. / Canada (possibly U.K.) - 3 banks (hopefully from the top 5) - 3 large insurance companies (includes back end processing) - 3 U.S. federal government agencies - 3 companies in the Wall Street / Stock brokerage sector (includes back end processing) - 3 large credit card / processors (ex. Visa, Discover, MasterCard, etc.) - 3 in the retail sector (Home Depot, Target, Lowes, et al) Note: I put in "back end processing" because these are the folks that most often have many connections to other business partners and so in some ways have the most complex systems to deal with. Note #2: This is aspirational! I hope I can get all these people to cooperate. I will try at least to get some in each category. I will ask them the following questions: 1. How many applications do you have? (This may end up being only the mission critical ones as otherwise it may be too hard to obtain.) 2. How many are using TLS and how many are still plain text? (We will disregard SSH and other such variants.) 3. What percent of clients are using a pre-TLS1.2 version? (This will be an estimation.) 4. Do you have an active project to migrate off of older versions of TLS? 5. What do you estimate your percent of clients using pre-TLS1.2 versions to be next year? Please let me know if this will be of use & if you have suggestions for improvement. Thanks, Nalini On Tue, Jul 10, 2018 at 1:51 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote: > > Hi Nalini, > > On 10/07/18 04:50, nalini elkins wrote: > > It would be nice to see some of this reflected in the draft rather than > > only statistics on browsers. The real usage of these protocols is far > > more complex. > > I didn't have time before the I-D cutoff but have since > added a section on mail to the repo pre-01 version. (See > [1] section 3.2.) I'd love to add more detail like that > and/or more sections for other protocols if folks have > data to offer with references. > > Consistent with other folks' numbers sent to the list > yesterday, (though based on a much smaller sat of data I > guess;-) my data shows 10.6% use of TLSv1.0 when talking > SMTP/IMAP/POP (or HTTP) over TLS to a population of ~200K > IP addresses that listen on port 25 (mail servers). > > What I don't currently have is a rate of change for that > figure. I think that rate of change is the important number > for figuring out what to do in the next while. E.g. The > WG might conclude that if the percentage of TLSv1.0 is > moving down nicely, we should be a bit patient. If it's > not moving at all, we can probably move now or in 5 years > without that being different. If we're not sure, then get > more data... > > Cheers, > S. > > [1] > https://github.com/sftcd/tls-oldversions-diediedie/blob/mast > er/draft-moriarty-tls-oldversions-diediedie.txt > -- Thanks, Nalini Elkins President Enterprise Data Center Operators www.e-dco.com
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
