On Sat, May 2, 2020 at 10:26 PM Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Eric Rescorla <e...@rtfm.com> writes:
>
> >if you are running a piece of hardware that cannot upgrade its TLS stack at
> >all, you quite likely have a number of serious unpatched vulnerabilities, and
> >should reconsider whether it is safe to have that hardware attached to the
> >Internet.
>
> Embedded non-upgradeable SCADA devices have some of the most secure TLS
> implementations I've ever seen:
>
> Some of the most difficult-to-attack TLS implementations that I've seen are
> in embedded devices that don't have the memory to run a full TLS
> implementation or to parse certificates.

I don't have much experience with SCADA TLS stacks, so I can't speak to this, but I wasn't thinking primarily of the TLS stack itself but just of the overall software on the device. In general, most software has some defects and some of them will be security relevant; if you are unable to upgrade the software on your devices, then if such vulnerabilities are discovered you are obviously in a bad position.

-Ekr
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta