On 12/31/19 08:25, Seth Mattinen wrote:
On 12/31/19 8:10 AM, joel jaeggli wrote:
Argumentation on the basis of a tu quoque fallacy doesn't really add much to the dicussion. Depreciating potentialy dangerous and definitely obsolete protocols does not make you a hypocrite.
Then how about privilege?
If someone is living in a less-privileged situation (oppressive regime, state controlled ISP, extreme poverty, whatever) there's also a good chance that such people may not able to acquire newer/updated technology easily, perhaps not even legally at great risk. I will disagree with anyone's assertion that people in such conditions deserve to be disenfranchised.
You cite a hypothetical situation that may, but does not in my experience exist, I work with customers who had populations of impacted devices, so the consequences and timing of these transitions are directly consequential to our customers. Most CDNs turned off tls 1.0 by early to mid-2018. The mobile devices that still required it at the time and did not have an alternative were a vanishingly small portion of the population then in use (for example legacy docomo i-mode handsets), and the ones that cannot support it now are still smaller, Lacking support for SNI was a signification consumer of address consumption in CDNs and that contributes to accessibility cost and usability issues for websites attempts at universal tls deployment as well so we should be clear that there are plenty of people who were disenfranchised by or burdened with otherwise unnecessary costs by the need to support tls 1.0. Most populations have recourse to application alternatives that can and did extend their useful service life to tls 1.2 (current firefox supports back to android 4.1 for example, Opera mini /mobile have much larger market shares in bandwidth constrained environments and superior performance on low end devices). tls 1.1 is not really far on the heels of 1.0. hence you see this now.