On Thu, Jul 14, 2022 at 10:12 AM Andrei Popov <andrei.po...@microsoft.com> wrote:
> Speaking of PCs and servers: I took a look at Windows TLS stack telemetry
> (only including those OS versions that support TLS 1.3).
> TLS 1.2 is negotiated for 99% of the TLS server connections and 98% of the
> TLS client connections using Windows TLS stack.
> TLS 1.3 use amounts to 0.4% of TLS server connections and just under 2% of
> TLS client connections.
>

Thank you for the data-driven approach, but it definitely doesn't match other reports. Maybe it means TLS 1.2 /could/ be negotiated for 99% of connections?

Here is a 2019 document from the IETF:
https://www.ietf.org/blog/tls13-adoption/

thanks,
Rob

>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: Uta <uta-boun...@ietf.org> On Behalf Of Peter Gutmann
> Sent: Wednesday, July 13, 2022 8:07 PM
> To: Rob Sayre <say...@gmail.com>; Peter Saint-Andre <stpe...@stpeter.im>
> Cc: Benjamin Kaduk <ka...@mit.edu>; sec...@ietf.org;
> draft-ietf-uta-rfc7525bis....@ietf.org; last-c...@ietf.org; uta@ietf.org
> Subject: [EXTERNAL] Re: [Uta] [Last-Call] Secdir telechat review of
> draft-ietf-uta-rfc7525bis-09
>
> Rob Sayre <say...@gmail.com> writes:
>
> >Also, in the realm of opinion rather than correctness: mandating TLS
> >1.2 support is misguided. Every TLS implementation maintains divided
> >codebases for 1.2 vs 1.3.
>
> On desktop PCs and servers perhaps, but in embedded the very fact that you
> need two sets of codebases means many systems will stay with 1.2, possibly
> forever when everything around them is also staying with 1.2.
>
> >No one reads the TLS 1.2 code very closely these days, in my
> >experience, so the BCP would be mandating support for something people
> >don't really work on anymore.
>
> Unless the only codebase you've got is 1.2. However in the same embedded
> systems you typically do it once, do it right, and skip the neverending
> flow of bells and whistles that keep appearing, so there's no need to
> constantly fiddle with the code as for PC/server use.
>
> Peter.
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta