On Fri, Dec 16, 2022, 11:41 Hal Murray <halmurray+...@sonic.net> wrote:
> > say...@gmail.com said: > > For my part, I'm sick of "IoT" or "SCADA" or "embedded" vendors just > > endlessly keeping old cipher suites alive. The unwise cost-cutting in > those > > areas does not constrain the rest of the internet. > > Agreeded, but the software maintainers can't just drop support for X > because > it has been deprecated. There needs to be some plan with a schedule that > gives downstream users time to get their act in gear. > > Should there be an IETF group to help coordinate things like this? If > nothing > else, there should be a RFC explaining the problem to vendors planning to > ship > software that can't be updated -- and showing their potential customers > what > to consider. > Maybe data sheets should list the RFCs they depend upon -- with a big > red > arrow nwxt to the ones that have been obsoleted or deprecated. > > IoT and embedded are not the only problems. There are many companies that > run > old stable software. Ubuntu supports LTS releases for 5 years with 5 more > available for a fee. > https://ubuntu.com/about/release-cycle > Do we have to worry about this area? Or will the companies like Ubuntu > take > care of their customers? > Pressure from auditors will force Ubuntu to help their paying customers to update cryptographic primitives for compliance ? > > > > -- > These are my opinions. I hate spam. > > > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
