[tptacek]

It wouldn't work. Users would see "very disturbing warnings" so often that the warnings would quickly stop disturbing them. Everyone --- everyone --- would blame the browsers, the way 3/4 of HN blamed Firefox when they enabled the fascist warning for self-signed certs (incidentally: a much more severe security problem than POODLE!).

If you want to think about "further", you want to suggest that Chromium disable support for TLS 1.1 and below. Nobody can ignore sites that break because they don't use the most secure variant of TLS. But that's obviously not going to happen.

[yuhong]

Yea, it would be likely a couple of years at least before we can disable TLS 1.0.

[justcommenting]

this is true, but if opera, firefox, chrome, and internet explorer all agreed to deprecate TLS 1.1 and below together (or at least implement scary warnings), i wonder if sites might respond differently.

it's an ecosystem problem, but also a collective action problem.