On Tue, Nov 26, 2024 at 9:06 AM Watson Ladd <watsonbl...@gmail.com> wrote:

>
>
> On Tue, Nov 26, 2024, 11:13 AM Salz, Rich <rs...@akamai.com> wrote:
>
>> Either you have new code and break compat or not. That's what really
>> makes the planning hard IMHO. To the extent there is risk associated the
>> widespread use of TLS 1.3 is a significant mitigating factor for
>> undiscovered bugs rolling this out won't have.
>>
>>
>>
>> Spoken by someone who has little experience in enterprise deployments. :)
>>
> True.
>
> What makes the risk lower for LTS?
>
> Enterprises would still need to confirm compatibility of the same
> products, roll out in stages, have a rollback plan etc. and they would have
> much less data on what exactly breaks, harder time getting support in new
> versions or in fixes given the niche nature etc.
>
> I get the draft claims that it's better than the TLS 1.3 given the long
> rollout cycle particularly for embedded (not enterprise) environments. But
> it's starting from 0 years rather than 6 years, with no formal analysis vs
> many, with few to zero implementations vs considerable support.
>

This is a good summary of the debate. btw, the adoption call is supposed to
end today :)

https://mailarchive.ietf.org/arch/msg/tls/EgweLznJ8q6AnuqrFpW0b_kVA2c/

thanks,
Rob
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
