Keith Moore <mo...@network-heretics.com> writes: >It can be expensive to upgrade devices in some industrial applications.
For the specific TLS implementation I was referring to in that post, upgrades have to be scheduled years in advance for each site, and for the next upgrade round, in 2030, will probably mean replacing the hardware to allow the cost of a site visit to be amortised. You do it once and you do it right. For other implementations it's a bit less problematic, but upgrades still require a site visit, shutting down major production processes, and spending possibly several hours updating and re-commissioning each piece of equipment. >For the smart ones (they're not all smart, of course) this translates into a >greater emphasis on minimizing complexity, product stability, and getting >things right the first time. That's the case in many of the systems I've reviewed, they're designed to have a downtime of never so you need to do it right. This is also why they ignore certs, or at least memcpy() a fixed blob into the right place in the handshake, they're a means of bundling up a key, not a built-in DoS on the device. Peter. _______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
