[cryptography] TLS renegotiation patch rollout progress

ianG iang at iang.org
Thu Sep 5 08:00:35 EDT 2013

Hi Rob,

On 5/09/13 14:30 PM, Rob Stradling wrote:
> On 05/09/13 11:58, ianG wrote:
>> Does anyone have any measurements of the rollout progress for TLS
>> renegotiation bug?
> https://www.trustworthyinternet.org/ssl-pulse/

Thanks, spot on!  I updated that old post to capture that as today's info.

>> I'm thinking here of the meta-question of the size of the OODA loop for
>> the SSL sector.  That is, the bug was discovered around September 2009.
>>   At what point was it reliably patched across the SSL ecosystem?  Those
>> two points measure the size of the OODA response loop.

So, if we take 82.6% as a fair sign of most of the net being now 
protected (80-20 rule?) then the OODA loop measures out as something 
like 5 years.  Perhaps less if we can measure an 80% coverage before 
that (but I don't see historical data on that site).

>> ps: http://financialcryptography.com/mt/archives/001210.html


More information about the cryptography mailing list