[Last-Call] Re: [Uta] Concern about draft-ietf-uta-require-tls13-10 with IoT protocols


 



On Tue, Apr 08, 2025 at 11:23:44AM -0700, Eric Rescorla wrote:
> I don't agree that this change is indicated. TLS 1.3 is far more widespread
> than just in browsers. It's been in major libraries for years and is
> supported in the Windows, MacOS, iOS, and Android stacks. This is not to say that
> there aren't environments which don't support TLS 1.3, but it's far more
> than just browsers.

Just because recent versions of major non-constrained device OS's have TLS 1.3
does not mean that those versions of the OS are or can be reasonably used in
a lot of "embedded" environments where those types of OS are used. The reason is again
the really long timelines and cost of upgrading OS's. For another fun example,
I think some tram systems used Windows CE 3.11 until after 2015 and since then have
adopted something that sounded like Windows CE XP level.

And that is not including the much broader set of embedded OS.

If anything, we should have some data about widespread use of lightweight, open-source
TLS 1.3 libraries available across a wide range of OS. That would allow much broader
applicability. But no idea if that can be claimed of e.g.: picotls or rustls...

> As Alan observes, we are talking about levies on new protocols, not
> existing protocols. These should be deployed with TLS 1.3 for the reasons
> indicated in this draft.

That restatement does not address the concerns I already raised.

Cheers
    toerless

> -Ekr

-- 
---
tte@xxxxxxxxx
