This message popped into my inbox late yesterday.
The survey in question contains the following questions.
All of my clients have gotten rid of SSL on their public facing Web sites.
The dilemma we have is that while SSL is dead, it is baked into so many products and appliances. My clients are therefore stuck with appliances and software products that have SSL hard coded into them. As a result, they will be dependent on their vendors to convert to TLS.
That said, what is the risk of using SSL internally? Not a good practice, but truthfully, what is the risk?
In my opinion, using SSL internally for the next 12 to 24 months would not be the end of the world as long as it does not become a significant attack vector.
It will be interesting to hear the results of this survey.
PCI Guru 
The Feb 13th note is bringing good news; PCI Council has been working with industry stakeholders, and some requirements will be future-dated. That is a relief.
What surprised me the most is the NIST publication banning SSLv3 is dated May 2014, and no one really caught on then. The Council did not come out, at the time, with some future-dated statements. (They should have, if you ask me)
2014 was not a good year for encryption, and now everyone is in perception mode…
It is not the encryption that was bad with SSL and TLS v1.0, it is the implementation that put the keys at risk that is the problem.
A number of us questioned the NIST 2014 publication, but without an active exploit, it was all theoretical until POODLE appeared.
Geez, Just 24 hours to complete a survey?