nalini elkins <nalini.elk...@e-dco.com> writes:

>It would be nice to see some of this reflected in the draft rather than only
>statistics on browsers. The real usage of these protocols is far more
>complex.

+1. It often seems that the only possible use for TLS that gets considered in these things is web browsers and web servers, or big-iron type servers in general. There's a vast amount of TLS that never goes anywhere near a browser or server of this kind. In particular, the assumptions that are no longer valid in this case are:

- CPU and memory are nearly unlimited and nearly free.
- Anything can be easily upgraded at the touch of a button.
- Everyone gets their certs from a commercial CA (that's present in a trust database).
- People want the most full-featured, complex protocol possible.
- Users want the latest, trendiest algorithms at all times.

[Feel free to add more to this list, that's just the stuff that springs immediately to mind].

In the case of SCADA/embedded, pretty much the exact opposite of all of those points is the case (the last may be somewhat debatable, it's a reference to the fact that industry groups are very conservative and tend to stick with something that has what's regarded as good provenance).

Peter.