On 12/2/20 5:37 AM, Peter Gutmann wrote:
>> If a device can be at all critical (and even if it isn’t), then it should be
>> upgraded or replaced.
>
> The fact that many of these devices are extremely critical is precisely why
> they're never replaced or upgraded, because they can't be taken out of
> production.

+1

Another problem is that "upgrades" often don't function identically to
the firmware or equipment they would be replacing, making replacement
inherently disruptive even if it didn't require a shutdown.
Under current conditions, relying on upgrades to fix security issues in
industrial environments is a nonstarter. There's a tremendous amount
of inertia to overcome at many different levels.
Keith
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls