Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

"BRUNGARD, DEBORAH A" <db3546@att.com> Thu, 03 December 2020 22:12 UTC

Return-Path: <db3546@att.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B9843A0D76; Thu, 3 Dec 2020 14:12:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=att.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z1bMyVC3TFzh; Thu, 3 Dec 2020 14:12:04 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A24753A0D74; Thu, 3 Dec 2020 14:12:04 -0800 (PST)
Received: from pps.filterd (m0053301.ppops.net [127.0.0.1]) by mx0a-00191d01.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 0B3LtvqI035548; Thu, 3 Dec 2020 17:11:57 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by mx0a-00191d01.pphosted.com with ESMTP id 356fvnmgue-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 03 Dec 2020 17:11:57 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0B3MBs90017381; Thu, 3 Dec 2020 17:11:55 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [135.47.91.93]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id 0B3MBotj017292 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 3 Dec 2020 17:11:50 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [127.0.0.1]) by zlp30488.vci.att.com (Service) with ESMTP id A5851400B574; Thu, 3 Dec 2020 22:11:50 +0000 (GMT)
Received: from GAALPA1MSGEX1BD.ITServices.sbc.com (unknown [135.50.89.105]) by zlp30488.vci.att.com (Service) with ESMTPS id 82C95400B575; Thu, 3 Dec 2020 22:11:50 +0000 (GMT)
Received: from GAALPA1MSGEX1AA.ITServices.sbc.com (135.50.89.96) by GAALPA1MSGEX1BD.ITServices.sbc.com (135.50.89.105) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4; Thu, 3 Dec 2020 17:11:49 -0500
Received: from GAALPA1MSGETA02.tmg.ad.att.com (144.160.249.124) by GAALPA1MSGEX1AA.ITServices.sbc.com (135.50.89.96) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2044.4 via Frontend Transport; Thu, 3 Dec 2020 17:11:49 -0500
Received: from NAM04-BN3-obe.outbound.protection.outlook.com (104.47.46.50) by edgeal2.exch.att.com (144.160.249.124) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2044.4; Thu, 3 Dec 2020 17:10:26 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QDLx7v4cYP2Zkpt0gDq4o7pM/gM7/yn7EtKpFdFSiIoCqAXSoVKbVEbBuBVXNTVg0QWVL2DFAyCBz/ohdRWyHO49wlDK2ZLvE/JZkoi11Kr41NfHWPS4lFV1c4ZAlNNJn5c2mlcmuShvda3haSfmp2FjgC1/rDseTrLAYNIgQQ4SSdURkziW3BV5Bp/f8SOn8uyyPq+g5aY9FPcEUZ+dKQ4JSZYz035IGiy92rsSRtLnVRXK/fq/ar/E9jREmATMblzYfs97Ex2sMyLVQZFPKgEbfQ+KhS7agykCV13uEhUu1jWQp25CHjab1zeyw5RvjQzgZOsSttQqedOdWzi90g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+UbIxEe2KJ9VTibVPmxCtdmwaGxFKj10hywZo+0hcdM=; b=HmiLsUojzRwlaFUnjj5mFJ/pRSAbSyrSy2ldJrb5zFif+MsUMx2o+j3kE7p7C0DhPC4d3/iXFkf0pLPweWG9FhhmLheP2u+dBfLOEA7+Wyq/70PgwCg0JDmtUtRnUkucnGj0A5+6CDh+Bxh/Gct24JoMKWmNVNGrz1l2WltOlWPeTdNhJ7oovi69U9HHfh2UcmD++VFUvPSP6P30CXkVqGMEtjnaN0eRDNiXTGckx5Q9Y3pi4n+A244PjBYdO+JA+te71biO0i2VEswgpVzVJ64Jl+amHPRfF6z50EsZzplPajvgsmSoock26oixdXGp9nG1sM2V/JTlPXeGvUFbWA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=att.com; dmarc=pass action=none header.from=att.com; dkim=pass header.d=att.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.onmicrosoft.com; s=selector2-att-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+UbIxEe2KJ9VTibVPmxCtdmwaGxFKj10hywZo+0hcdM=; b=NYXQEHivIOK/pHt1/lah+Lhx+xhOXWME1ARRQRcFGU7AQqlq5e4iKYshFvgHUhn0lUaoLIHA2/kHwjba4NqlprmoHiPlrxATmeO+VT2bGF/zFoEkgNqZzHi7fwm+PrLXsj1uQT8YTCgxZlkCRt6aRJKmT5uuA+K3h0TPhuM2WaA=
Received: from MWHPR02MB2464.namprd02.prod.outlook.com (2603:10b6:300:42::10) by MWHPR02MB3376.namprd02.prod.outlook.com (2603:10b6:301:62::37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.21; Thu, 3 Dec 2020 22:10:26 +0000
Received: from MWHPR02MB2464.namprd02.prod.outlook.com ([fe80::9f2:8120:8012:7e35]) by MWHPR02MB2464.namprd02.prod.outlook.com ([fe80::9f2:8120:8012:7e35%5]) with mapi id 15.20.3632.018; Thu, 3 Dec 2020 22:10:25 +0000
From: "BRUNGARD, DEBORAH A" <db3546@att.com>
To: "STARK, BARBARA H" <bs7652@att.com>, "'Watson Ladd'" <watsonbladd@gmail.com>, "'Ackermann, Michael'" <MAckermann@bcbsm.com>
CC: "'Peter Gutmann'" <pgut001@cs.auckland.ac.nz>, "'Eliot Lear'" <lear=40cisco.com@dmarc.ietf.org>, "'last-call@ietf.org'" <last-call@ietf.org>, "'tls-chairs@ietf.org'" <tls-chairs@ietf.org>, "'draft-ietf-tls-oldversions-deprecate@ietf.org'" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "'tls@ietf.org'" <tls@ietf.org>
Thread-Topic: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
Thread-Index: AQHWx3lO3jBP8tjHHUin1CCFkGcWCqnhaGuAgACRcICAAF4BAIAACK+AgAFAr4CAAALMAIAARE+AgAAWqgCAAAqnAIAAH7qAgABFcYCAARKrAIAAG8WAgABADqA=
Date: Thu, 3 Dec 2020 22:10:25 +0000
Message-ID: <MWHPR02MB2464CD5D5B7568E9EAC58B26D6F20@MWHPR02MB2464.namprd02.prod.outlook.com>
References: <160496076356.8063.5138064792555453422@ietfa.amsl.com> <49d045a3-db46-3250-9587-c4680ba386ed@network-heretics.com> <b5314e17-645a-22ea-3ce9-78f208630ae1@cs.tcd.ie> <1606782600388.62069@cs.auckland.ac.nz> <0b72b2aa-73b6-1916-87be-d83e9d0ebd09@cs.tcd.ie> <1606814941532.76373@cs.auckland.ac.nz> <36C74BF4-FF8A-4E79-B4C8-8A03BEE94FCE@cisco.com> <SN6PR02MB4512D55EC7F4EB00F5338631C3F40@SN6PR02MB4512.namprd02.prod.outlook.com> <1606905858825.10547@cs.auckland.ac.nz> <EEFAB41B-1307-4596-8A2E-11BF8C1A2330@cisco.com> <BYAPR14MB31763782200348F502A70DA4D7F30@BYAPR14MB3176.namprd14.prod.outlook.com> <SN6PR02MB4512B95842251AE4C04B199CC3F30@SN6PR02MB4512.namprd02.prod.outlook.com> <BYAPR14MB31765FD24F4DFD90F81AEE2BD7F30@BYAPR14MB3176.namprd14.prod.outlook.com> <SN6PR02MB4512CBA9E4BF6AAC778BC674C3F30@SN6PR02MB4512.namprd02.prod.outlook.com> <DM6PR14MB31789349B737961728B7691ED7F30@DM6PR14MB3178.namprd14.prod.outlook.com> <CACsn0ckvoqZ5-JPRkOXp2Mw2zeTOdyCYLvX1NV1waJ-yidTwMQ@mail.gmail.com> <SN6PR02MB45129E647485BA5794D5CF4EC3F20@SN6PR02MB4512.namprd02.prod.outlook.com>
In-Reply-To: <SN6PR02MB45129E647485BA5794D5CF4EC3F20@SN6PR02MB4512.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: att.com; dkim=none (message not signed) header.d=none;att.com; dmarc=none action=none header.from=att.com;
x-originating-ip: [98.109.184.27]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e7af81fe-529b-4069-1de1-08d897d83c8e
x-ms-traffictypediagnostic: MWHPR02MB3376:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MWHPR02MB3376FC5DD486A960F8935149D6F20@MWHPR02MB3376.namprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ZxPTQzb8VYsq4JYYXI7gzGJX+aKhMMQzJQA9Q35mTzhRai761cwnNvpIPKLmLiDMFOZcwCcswtVpTMlliMe9CvlFzSU3scGBJFK7jSrXM5AZTaEmoRgzSpxD0mPy6APNGz0FV6K2wx/EKz1xZYLjUKsjQem/VB89hFbmq3IyiUM6UTJ1l0T/AzEFVV0/Tg0HqVjzBJgTtf/Zwr8jcYqyI+FyuN7uu2n2UfxO7onK2NvcNOkAkTSzUrDmxnPQSCgVIl3KqDunXYmS70t3YerRBcZw/q+qUYi1i17wlwm68xeON7/H6jWJa243RYX+XIMUIdJBT94/o8sNQGxPkbRUPevZpk8SgR2Pa441Eq5EAu1QObdit8NIsAxRdJRq99J6AVphl8HlIlqw5SDRoog4CQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR02MB2464.namprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(136003)(39860400002)(366004)(376002)(4326008)(66946007)(6506007)(82202003)(33656002)(966005)(53546011)(478600001)(86362001)(71200400001)(66556008)(8676002)(66476007)(76116006)(316002)(64756008)(5660300002)(7696005)(52536014)(8936002)(66446008)(54906003)(110136005)(55016002)(186003)(2906002)(26005)(83380400001)(9686003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?dXQ3Ni9FcHAzajBHNjd5TDQ2cDl0Q0VLQnlhd0JRcUxTSzJxaGNKK3FPSisz?= =?utf-8?B?aUJmc3Z2RXYxd2kxQnduNWl4azF3SkRTellzRm9MNGR5ekRhbS9UbmVUaVdr?= =?utf-8?B?RkFwTGFYSm9HMG9lTE9SKy94dUVsUm5TY2VlQjVrR2kxS2kyL0JVOFVrN0ZW?= =?utf-8?B?MEd0bHpCOHRqS3l4UVFSRUdyR2tud1R5S3RGYjZIMlczMFVneGdWQ2RKdlVl?= =?utf-8?B?V0pnZUFIZ2dnSHNzTHk0cnJZek8rd2ZaLzFTRGdDbTlacVh4dEpGT1lQWkl4?= =?utf-8?B?WE1CeGQzY3BzRFBwdWdoY0p3bHRBTGhqbEFTTHg5aVVuRGNsQ1l1blZSTVll?= =?utf-8?B?VlRXMm1qVzd2L2haUWp6bStRYTdhdVVsM2NqYWVRWEpNWnR6TldSekkyMyti?= =?utf-8?B?K0VienZUWWE5alJVQ21ER01RWmVXRFZnY0hEVyt0L1FUeDIxZzVsNlc2ZEM4?= =?utf-8?B?K2dCM0JlOGtKYVllTlNBeWNTa2dxSHZYOVZRTlZaVXlEOGdndXg0OGNOUU94?= =?utf-8?B?bE53SGdNN1M5cVRGblp2Y2wwSGJQcW5KcVVjdzNHK04xWmcyUXN3TXdPSUxE?= =?utf-8?B?Y3I2cTFjV0M3Q3VCUUgwUHFCQ0M3VmxhQXhuZFMyWHBxUlcyVThLdEFvbkFl?= =?utf-8?B?OEltQjRSdDR1L3haNFVrSzZ5QWk2Z2kvZk8rYWtVNDVFbWlxK1ZhV3hsdzZX?= =?utf-8?B?QnJIZjZ4Z3E3NUYxTFBSaEZKME5aSzNkS1NVN25Dd1dVazRneTZrTEtZd2U3?= =?utf-8?B?LzZvb0tmSDBVamdoeTV1L1IzcEc5Um1wWGFhUm11S0M5TGlQK25iYzN6bEM2?= =?utf-8?B?KzV6NERXM3F6VSttMFhmbkZuY3BXUVdibldvV3Z1emM3N05PWGdxd3QybDhI?= =?utf-8?B?cUVzcXFwT0J3N0V5WEdHVmlsTGw1Z0VJdHdBN1l5SUZxZXpQYjdPRS9HSXpz?= =?utf-8?B?eGtiRndjbTU2Z0xqZjFYL3hLS2dyOTlnR2dYa3V6bWlXbERxNCsvL0t1SFMw?= =?utf-8?B?cUswNlJwUHB5OHFrTytJcjB1OVRsc2lqTG15L2J6QkdCclNLelU5eE5STEpI?= =?utf-8?B?UzNTMDgraUNxL09odGlGVTVQVjBqVksyYXhnR21MelJaWk1XWFJQeWRjemV3?= =?utf-8?B?YWpiamR4Wk1hUFBBVW9paytLa0phQU5qaHMxSE5JVDQrY1ZycUtyVUdTT1Z5?= =?utf-8?B?eHpHekQ2NExlWW1FWmtCcmU0NytCbVNpQkFQc3VTSk9VVlE1NHFLSDYyeEdx?= =?utf-8?B?S2N3SFMzYXFsSWZOaUZZaEtXbEk2eVRJc2xrTHJvSWYwUFo5YWhrZkZHdWNM?= =?utf-8?Q?+5I1iHkeTKCSg=3D?=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MWHPR02MB2464.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e7af81fe-529b-4069-1de1-08d897d83c8e
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Dec 2020 22:10:25.5532 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e741d71c-c6b6-47b0-803c-0f3b32b07556
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ziDdtDz5O5dpk9swLZhrCAwWd7RkgY7agZh27JEtQMe46JwiwY3p7m6QOG5Tmy6S
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR02MB3376
X-OriginatorOrg: att.com
X-TM-SNTS-SMTP: 6F692C1AA34305A8255DDF09F12880026474A9D580BBCD79FA4D45E7DA7136A62
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.312, 18.0.737 definitions=2020-12-03_12:2020-12-03, 2020-12-03 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 phishscore=0 mlxlogscore=999 mlxscore=0 bulkscore=0 adultscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 spamscore=0 clxscore=1011 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012030125
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6HHifnRvKCdKYzMDl5AHAH9xOK4>
Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 22:12:06 -0000

As Barbara builds her confidence for the IETF list and while we have Mike's attention-

Mike, you commented "More, it is a lack of understanding of how things work within Enterprise Networks and the lack of Enterprise engagement in Standards Development processes. And finally, this may not be a gap that the IETF should care about or address, but someone should, IMHO."

I wanted to +1 on to Barbara's message - many of us will say - "we do care". As IETF is "huge" (for many operators/users that is the biggest bottleneck on participating), not sure if you follow the ops area (I'm a routing AD, but ops always has my attention😊), they have several documents on enterprises. Currently a document on the impact of TLS1.3 on operational network security practices. They also have an IPv6 one. I think in all the Areas (I know best the routing area), we encourage operators and users to participate. If you have suggestions - we are interested.

How to increase visibility? Do you have suggestions? Liaisons? ISOC? When RFC7381 (Enterprise IPv6) was done, it was an ISOC blog:
https://www.internetsociety.org/blog/2014/10/new-rfc-7381-enterprise-ipv6-deployment-guidelines/

Possibly this draft should be a blog? Suggestions?

Thanks again for the interesting thread-
Deborah
for some humor - I'm still stumbling on the draft's requirement "Pragmatically, clients MUST NOT send". I'm not sure operationally how to ensure pragmatic client behavior - maybe a "pragmatic client" profile😊 I'll save that question for my ballot comment. And of course a google of pragmatic is very entertaining:
https://www.google.com/search?q=pragmatic&tbm=isch&source=iu&ictx=1&fir=UnkLahjDGGZYtM%252C2VmBAP_98FtW_M%252C%252Fm%252F0c6h9&vet=1&usg=AI4_-kQHPVOk9B-3gfzcXUP1bBCiuOQ5TQ&sa=X&ved=2ahUKEwjxqN-W1rLtAhXKhK0KHWuFBGYQ_B16BAgrEAE#imgrc=WzKrFQWEFvjiWM



-----Original Message-----
From: last-call <last-call-bounces@ietf.org> On Behalf Of STARK, BARBARA H
Sent: Thursday, December 3, 2020 12:03 PM
To: 'Watson Ladd' <watsonbladd@gmail.com>om>; 'Ackermann, Michael' <MAckermann@bcbsm.com>
Cc: 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>nz>; 'Eliot Lear' <lear=40cisco.com@dmarc.ietf.org>rg>; 'last-call@ietf.org' <last-call@ietf.org>rg>; 'tls-chairs@ietf.org' <tls-chairs@ietf.org>rg>; 'draft-ietf-tls-oldversions-deprecate@ietf.org' <draft-ietf-tls-oldversions-deprecate@ietf.org>rg>; 'tls@ietf.org' <tls@ietf.org>
Subject: Re: [Last-Call] [TLS] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Ow! Mike is my friend. Don't go dissing my friend!

I think the problem in communication we've just experienced is because Mike strayed away from Last Call discussion on a specific document, to asking/discussing a more general question of how IETF can better communicate with enterprises and perhaps even engage with enterprises to make it easier to operationalize protocols inside enterprise networks. I didn't see Mike suggesting any changes to the draft in Last Call, relevant to this question. ?

I'd like to suggest that maybe we could discuss this a little more on the ietf list? But not here.
I'll see what happens if I start a thread over there (ietf@ietf.org) ...
Barbara

[Let me drum up my courage first. Thinking about posting to that list is much more stressful to me than, for example, thinking about bungie jumping off the Macau Tower -- an experience I highly recommend.]

> > Barbara,
> > Thanks.
> > And I think I was aware of all you state below regarding TLS, and apologize
> for any related confusion regarding IPv6, even though, for the purposes of
> my comment, they are similar.
> >
> >
> > I don't disagree with anything you say on the TLS subject,  which is
> essentially that prior versions of TLS may be considered insecure, etc.  and
> should be deprecated.....
> 
> Shouldn't we publish a document saying that? It seems this would
> represent consensus, even your view of the issue.
> 
> >
> > My associated point is that Enterprises are generally not aware of this and
> that it is not currently on our Planning or Budget Radars.
> 
> 
> TLS 1.2 has been around for how many years? All versions of OpenSSL
> without support have been EOL for some time. How many other CVE remain
> to be found in them? FIPS, PCI etc are all very clear that old TLS is
> going away. Browsers have supported TLS 1.2 for years. So has Windows.
> This depreciation should be easy given the extent of support for TLS
> 1.2.
> 
> I bet that most services you run are already using TLS 1.2 or even 1.3
> because the client and server have been updated.
> 
> > Further, this means we are potentially years from effectively and
> operationally addressing such issues.
> 
> Let's be about it.
> 
> >    And we must do so in conjunction with Partners, Clouds, Clients and
> others.
> > And my general, overall point is that the answer to addressing the above is
> to find way(s) of making Enterprises aware and possibly assisting with
> methods of addressing.     I think I also said this  problem is not unique to TLS
> or IPv6.      More, it is a lack of understanding of how things work within
> Enterprise Networks and the lack of Enterprise engagement in Standards
> Development processes.
> > And finally, this may not be a gap that the IETF should care about or
> address, but someone should, IMHO.
> 
> Your argument against the current text seems to be the following: we
> have a problem. It is inconvenient for me that you will ask me to deal
> with the problem. Therefore I would like the problem to not be
> acknowledged.
> 
> Perhaps I am being too uncharitable. But I fail to see how softening
> the language eases depreciation, or what the consequence you fear
> happening are. You're free to continue ignoring the RFC series. But
> reality does not go away if it is ignored.
> 
> Sincerely,
> Watson Ladd
> 
> >
> > Thanks
> >
> > Mike
-- 
last-call mailing list
last-call@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/last-call__;!!BhdT!1mNyW_HOYqxvO6jkrkE01zLoel9zrEb9Om34gLPLPqvikiDKKm4gJz3zSSrsDXk$