Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
Goltz, Jim (NIH/CIT) [E]
jgoltz at mail.nih.gov
Tue Dec 31 14:18:56 UTC 2019
I normally don't chime in here, because I'm not technically a network operator, but I do know certs and PKI infrastructure.
Just wanted to point out that many situations where such security would be desirable -- a repressive government, an overly surveilling employer -- have, or can easily put in place, tech to subvert the entire process anyway. Require every browser to include a custom CA certificate, issue certs on the fly for any given site, and The Man can MITM every site you visit, supporting whatever protocol your device requires.
Requiring TLS 1.2 won't fix this -- it's an attempt to minimize the risk of specific protocol-based attacks at the expense of older browsers. That having been said, I'd like to see actual numbers on how many of Wikimedia's sites' visitors will be affected. What percentage of browsers visiting their sites can't support TLS 1.2 or later?
--
Jim Goltz <jgoltz at mail.nih.gov>
HHS/NIH/CIT/Network Services
-----Original Message-----
From: John Adams <jna at retina.net>
Sent: Tuesday, 31 December, 2019 05:05
To: Matt Hoppes <mattlists at rivervalleyinternet.net>
Cc: Constantine A. Murenin <mureninc at gmail.com>; North American Network Operators' Group <nanog at nanog.org>
Subject: Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read
because no one should know what you read about or check out at wikipedia
Sent from my iPhone
> On Dec 31, 2019, at 00:30, Matt Hoppes <mattlists at rivervalleyinternet.net> wrote:
>
> Why do I need Wikipedia SSLed? I know the argument. But if it doesn’t work why not either let it fall back to 1.0 or to HTTP.
>
> This seems like security for no valid reason.
More information about the NANOG
mailing list