nanog mailing list archives

RE: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read


From: "Goltz, Jim (NIH/CIT) [E] via NANOG" <nanog () nanog org>
Date: Tue, 31 Dec 2019 14:18:56 +0000

I normally don't chime in here, because I'm not technically a network operator, but I do know certs and PKI 
infrastructure.

Just wanted to point out that many situations where such security would be desirable -- a repressive government, an 
overly surveilling employer -- have, or can easily put in place, tech to subvert the entire process anyway.  Require 
every browser to include a custom CA certificate, issue certs on the fly for any given site, and The Man can MITM every 
site you visit, supporting whatever protocol your device requires.

Requiring TLS 1.2 won't fix this -- it's an attempt to minimize the risk of specific protocol-based attacks at the 
expense of older browsers.  That having been said, I'd like to see actual numbers on how many of Wikimedia's sites' 
visitors will be affected.  What percentage of browsers visiting their sites can't support TLS 1.2 or later?  

--
Jim Goltz <jgoltz () mail nih gov>
HHS/NIH/CIT/Network Services

-----Original Message-----
From: John Adams <jna () retina net> 
Sent: Tuesday, 31 December, 2019 05:05
To: Matt Hoppes <mattlists () rivervalleyinternet net>
Cc: Constantine A. Murenin <mureninc () gmail com>; North American Network Operators' Group <nanog () nanog org>
Subject: Re: Wikipedia drops support for old Android smartphones; mandates TLSv1.2 to read

Because no one should know what you read about or check out at Wikipedia.

Sent from my iPhone

On Dec 31, 2019, at 00:30, Matt Hoppes <mattlists () rivervalleyinternet net> wrote:

Why do I need Wikipedia SSLed?  I know the argument. But if it doesn’t work, why not either let it fall back to 1.0 
or to HTTP?

This seems like security for no valid reason.
