say...@gmail.com said: > For my part, I'm sick of "IoT" or "SCADA" or "embedded" vendors just > endlessly keeping old cipher suites alive. The unwise cost-cutting in those > areas does not constrain the rest of the internet.
Agreeded, but the software maintainers can't just drop support for X because it has been deprecated. There needs to be some plan with a schedule that gives downstream users time to get their act in gear. Should there be an IETF group to help coordinate things like this? If nothing else, there should be a RFC explaining the problem to vendors planning to ship software that can't be updated -- and showing their potential customers what to consider. Maybe data sheets should list the RFCs they depend upon -- with a big red arrow nwxt to the ones that have been obsoleted or deprecated. IoT and embedded are not the only problems. There are many companies that run old stable software. Ubuntu supports LTS releases for 5 years with 5 more available for a fee. https://ubuntu.com/about/release-cycle Do we have to worry about this area? Or will the companies like Ubuntu take care of their customers? -- These are my opinions. I hate spam. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
