Thanks. I wanted to check because there's a common pattern in these sorts of security incidents where some suggestion for possible mitigation gets made (note how I weakened that phrase) and by the time the game of security telephone is played out over a few panicky hours it turns into "just do X and the problem is solved!". For instance, "just switch to RC4!" was not exactly the most solid of advice for BEAST, if one actually thought about it, but it was frequently presented as The Solution (TM). (Not necessarily by knowledgeable people, of course, but by enough people.)
TLS_FALLBACK_SCSV has the danger of becoming that, but in the short term it doesn't seem like it actually does much in a world where, AFAIK, not very many SSL connections support it.
TLS_FALLBACK_SCSV has the danger of becoming that, but in the short term it doesn't seem like it actually does much in a world where, AFAIK, not very many SSL connections support it.