"Perry E. Metzger" <pe...@piermont.com> writes:

>Home routers and other equipment last for years. If we slowly roll out
>various protocol and system updates now, then in a number of years, when we
>find ourselves with real trouble, a lot of them will already be updated
>because new ones won't have issues.

I'm not really sure if it works that way. From my experience with SSH in routers [0] I'd say it's more like:

Binary images in routers last years. If we deploy first-cut, buggy implementations of new protocols now, we'll have to support the bugs in a backwards-compatible manner for the rest of eternity.

That is, in the absence of widely-deployed, mature implementations to test against, router vendors will (if they were to ship with this right now) deploy pre-alpha quality code that would then be frozen for the rest of eternity. I have to maintain support for ten-year-old SSH bugs in my code because of ports to... well, unnamed vendors' systems done a decade or so back that never get touched again once the initial version got to the point where it would respond to a packet.

So if vendors are going to bake things into firmware (which includes firmware images that never get updated, more or less the same thing) then I'd prefer they hold on a bit until it's certain they've got somewhat more mature code.

Peter.

[0] Implementations of this are easier to date than SSL, and also a lot buggier so there's more to watch out for.