[thirsteh]

Yeah. The outlook is not that great, and RC4 will definitely be better than CBC for those legacy systems in light of this discovery (http://www.isg.rhul.ac.uk/tls/). At least the browsers are actively working on supporting the latest TLS and modes.

[hynek]

Yes, the discovery of Lucky13 and the following helplessness by many not-really-ops-but-doing-it-anyway people were the motivation to write that article in the first place. To get a minimal baseline security out there. Those who know better, will do better. There’s enough additional links to get hooked up. Can’t do more. :)

[tptacek]

"Lucky 13" isn't exactly an ops crisis. You probably don't need to stay up late patching this one, unless you're using DTLS.

[hynek]

Oh certainly not a crisis – especially since it didn't bring new vectors to the table. I just saw many “what now!?”s in my timelines and figured I better give them a solid good-enough solution that just works before they do something stupid.