Toerless Eckert <t...@cs.fau.de> writes: >On Wed, Apr 09, 2025 at 07:51:59PM -0700, Eric Rescorla wrote: >> Perhaps not, but that's not what I am saying. Rather, the point I am >> making is that your proposed text limiting this to *browsers* is far too >> narrow and the >> original text that says TLS 1.3 is widely deployed is in fact correct. >> "Widely" is >> not the same as "universally". > >Absence of any qualification just makes it easy to read "universally". > >How about "widely used in browser applications and widely available in curent >IT operating systems"
Some sort of qualification like that would be my preference as well. I don't think I've ever encountered TLS 1.3 in SCADA (I mean, there's still a lot of TLS 1.0 out there that people are struggling to move to TLS 1.2), so you could just as easily say "TLS 1.3 has next to no deployment" depending on your terms of reference. OTOH I can also see that this could end up as a bit of a bus depot [*] to sort out the phrasing. >For example, there are enough IoT/embedded systems running for 10++ years, >where there are software upgrades/extensions, and those extensions could be >"entirely new" protocols. Yup. Typically the security stuff, which is Not My Problem for the embedded systems engineers, gets put in place and never touched again, its the application-level protocols that are kept polished and up to date because that's what sells. Peter. [*] Like a bikeshed, but bigger and more complex. _______________________________________________ Uta mailing list -- uta@ietf.org To unsubscribe send an email to uta-le...@ietf.org
