[Cryptography] [cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

[John Levine]

>     There are many reasons why someone would keep XP running
>  and the concern for the security community might better be
>  addressed to the prospective zombie usage of those systems.  

Indeed.  I see those numbers in Wikipedia, but I'm not sure how
credible they are.  At meetings with people who run large e-commerce
web sites, it really doesn't seem like they care about XP users any
more.  I also note that most of the versions of Firefox and Chrome
that one can run on XP do support SNI, and I don't see any plausible
stats for the number of people who a) still run XP, b) use that
computer to visit web sites on the public Internet, c) use IE to do
so, and d) are not so worm-ridden that you don't want talk to them
anyway.

Android is more of an issue but it seems like a self-limiting one.
>From what I can see, Android 2.x doesn't do SNI, Android 4.x and 5.x
do.  There are still 2.x phones, but given the usual upgrade cycle
they're likely to be retired a lot faster than old Windows boxes.
Also, Android has good IPv6 support and if you have IPv6, SNI
is irrelevant.

R's,
John