Whilst I don’t know Peter, my intervention in San Francisco on this topic was on the same line.
I am working with the CISO teams of organizations that have to keep their infrastructure for 50 to 100 years long plans (nuclear power stations, hydraulic infrastructures, etc.). And among organizations I engage with, several DO have active plans to migrate out from TLS1.2 … but this is very hard! I learnt the hard way that migration projects are always the hardest possible projects vs say build something from scratch. Unfortunately there is one large part of the community which is not at the IETF ever or anymore to voice those concerns.

Now, on the other hand, I do support the ‘active signals’ approach proposed by Rich and the adoption of this text exactly for the reasons expressed by Rich. My only ‘amendment’ is how we could stay connected with the community which is still on TLS1.2 and what is the magnitude of their issues, why, etc. This is why I asked the question whether there would be volunteers to design a ‘survey’ approach. This could bring data points from the broader community that could help guide this particular area of the work. If there would be some appetite, designing such a survey is not an easy task but should we agree, I would certainly be happy to gain the support from my organization to deploy this survey and get feedback from as many organizations as possible.

My 0.02 CHF

From: TLS <tls-boun...@ietf.org> on behalf of Salz, Rich <rsalz=40akamai....@dmarc.ietf.org>
Date: Tuesday, 12 December 2023 at 18:53
To: Rob Sayre <say...@gmail.com>, Peter Gutmann <pgut...@cs.auckland.ac.nz>
Cc: TLS@ietf.org <tls@ietf.org>
Subject: Re: [TLS] Adoption call for 'TLS 1.2 Feature Freeze'

Peter knows more about long-term embedded systems that use TLS than anyone else on this list. I trust him. Don’t think of things connected to the public Internet, but rather things like client-auth missile launching systems, seismic (nuclear) monitoring equipment, and the like. Stuff that you cannot pick up anywhere retail off-the-shelf, but is rather purpose-built.
Having said that, I don’t want this draft to make his job harder; I’d rather my electric grid didn’t break :) But given that, and since he doesn’t have a specific concern in-hand right now, and that I think it is important and useful to send a clear signal to the global community, I’d still like to see the draft adopted and eventually published. It sends an active signal about new features, as opposed to a passive signal of just not accepting work. In my experience in security, active signals are better than passive ones.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls