Security and the Infrastructure Life Cycle; or, Why Are You Still Using TLS 1.2?

We as a community are good about at least considering the full life cycle of newly designed systems, and we talk about incorporating security in all phases of the cycle. However, as recent SSL woes have proven, there is a class of technology on which we rely heavily but whose useful lifetime we don't regularly consider. We still use infrastructure applications and protocols that have been with us since the beginnings of the Internet. Session attendees will share experiences of supporting (and retiring) old technologies and consider how to craft policies and discussions about life cycles for our critical infrastructure.

OUTCOMES: Identify 10 archaic technologies ripe for retirement * Be able to approach your institution about infrastructure end-of-life strategies * Be motivated to assist best-practice and theory development for security implications of long-persisting technologies