[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

On Tue, Dec 31, 2019 at 2:30 AM Matt Hoppes <
mattlists at rivervalleyinternet.net> wrote:

> Why do I need Wikipedia SSLed?  I know the argument. But if it doesnâ??t
> work why not either let it fall back to 1.0 or to HTTP.
> This seems like security for no valid reason.

Being able to authenticate that the content you've requested is coming from
the source from which you requested it seems like a pretty valid reason to
me. If you live in a privileged nation with democratic governance, and you
have ISP choice and your ISP doesn't and won't hijack your connections and
you're not otherwise in an environment where your connections may be
hijacked for any number of reasons by any number of parties, then you may
not think about this very much. Employing the best (popular,
well-supported, well-documented, completely open) current standard, TLS
1.2, instead of supporting deprecated, known-flawed previous versions of
that protocol also seems like an entirely reasonable idea, too.

If you don't like that this potentially disenfranchises users of old
devices (and there's perhaps a case to be made here), then the ire should
be imho directed towards the device vendors for not issuing security
updates for whatever version you wish were able to support modern
technology. Not at free web-based services for ending support for
deprecated, known-flawed protocols/ciphers/etc. If google wanted to issue
an update for older android versions to support TLS1.2 then they absolutely
could, though users may see some detrimental performance impact to using
modern technology on an outdated device.

This isn't a new issue, and we as the greater internet community have
generally tackled it by taking aggressive measures towards deprecating
known-flawed technologies on a conservative timeline.

RFC5246 was published over a decade ago.

- mdh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20191231/8c5eedb6/attachment.html>