On Apr 10, 2025, at 06:13, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > > Toerless Eckert <t...@cs.fau.de> writes: >>> On Wed, Apr 09, 2025 at 07:51:59PM -0700, >> How about "widely used in browser applications and widely available in curent >> IT operating systems" > > Some sort of qualification like that would be my preference as well.
I don’t think that would add anything to the document. > I don't > think I've ever encountered TLS 1.3 in SCADA (I mean, there's still a lot of > TLS 1.0 out there that people are struggling to move to TLS 1.2), so you could > just as easily say "TLS 1.3 has next to no deployment" depending on your terms > of reference. Right. The systems mentioned in this thread are already not complying to two or three previous recommendations of our TLS RFCs, so clearly their owners and vendors do not consider themselves in scope of what we do at the IETF. > Yup. Typically the security stuff, which is Not My Problem for the embedded > systems engineers, gets put in place and never touched again, its the > application-level protocols that are kept polished and up to date because > that's what sells. Clearly all of this is out of scope for the document’s recommendations. I haven’t seen concrete text that would improve this document for any devices that could be considered covered by the document. Paul _______________________________________________ Uta mailing list -- uta@ietf.org To unsubscribe send an email to uta-le...@ietf.org
