I normally don't chime in here, because I'm not technically a network operator, but I do know certs and PKI infrastructure.

Just wanted to point out that many situations where such security would be desirable -- a repressive government, an overly surveilling employer -- have, or can easily put in place, tech to subvert the entire process anyway. Require every browser to include a custom CA certificate, issue certs on the fly for any given site, and The Man can MITM every site you visit, supporting whatever protocol your device requires. Requiring TLS 1.2 won't fix this -- it's an attempt to minimize the risk of specific protocol-based attacks at the expense of older browsers.

That having been said, I'd like to see actual numbers on how many of Wikimedia's sites' visitors will be affected. What percentage of browsers visiting their sites can't support TLS 1.2 or later?

--
Jim Goltz <jgoltz@mail.nih.gov>
HHS/NIH/CIT/Network Services

-----Original Message-----
From: John Adams <jna@retina.net>
Sent: Tuesday, 31 December, 2019 05:05
To: Matt Hoppes <mattlists@rivervalleyinternet.net>
Cc: Constantine A. Murenin <mureninc@gmail.com>; North American Network Operators' Group <nanog@nanog.org>
Subject: Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

because no one should know what you read about or check out at wikipedia

Sent from my iPhone

On Dec 31, 2019, at 00:30, Matt Hoppes <mattlists@rivervalleyinternet.net> wrote:
Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work why not either let it fall back to 1.0 or to HTTP.
This seems like security for no valid reason.