Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

"Ackermann, Michael" <MAckermann@bcbsm.com> Wed, 02 December 2020 17:33 UTC

From: "Ackermann, Michael" <MAckermann@bcbsm.com>
To: "STARK, BARBARA H" <bs7652@att.com>, 'Eliot Lear' <lear=40cisco.com@dmarc.ietf.org>, 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>
CC: "'draft-ietf-tls-oldversions-deprecate@ietf.org'" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "'last-call@ietf.org'" <last-call@ietf.org>, "'tls@ietf.org'" <tls@ietf.org>, "'tls-chairs@ietf.org'" <tls-chairs@ietf.org>
Date: Wed, 2 Dec 2020 16:58:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_WKObqJ0qqUet58f3nCg-GDZKMI>

Thanks Barbara,
My responses are inline below. 

-----Original Message-----
From: STARK, BARBARA H <bs7652@att.com> 
Sent: Wednesday, December 2, 2020 11:20 AM
To: Ackermann, Michael <MAckermann@bcbsm.com>; 'Eliot Lear' <lear=40cisco.com@dmarc.ietf.org>; 'Peter Gutmann' <pgut001@cs.auckland.ac.nz>
Cc: 'draft-ietf-tls-oldversions-deprecate@ietf.org' <draft-ietf-tls-oldversions-deprecate@ietf.org>; 'last-call@ietf.org' <last-call@ietf.org>; 'tls@ietf.org' <tls@ietf.org>; 'tls-chairs@ietf.org' <tls-chairs@ietf.org>
Subject: RE: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Hi Mike,

> As an Enterprise person I can say we are not well equipped to be aware 
> of nor react "Nimbly" to changes such as this.  Wide scope and 
> security related changes can require major changes to core Business 
> systems.  This can mean significant time, effort and/or $$$.

I have to disagree with you. In my experience, enterprises have shown themselves to be extremely well-equipped and capable of ignoring (and even being blissfully unaware of) IETF RFCs wrt their internal networks when they so choose. For example, IPv6 deployment. 😊
NOT SURE WHAT WE ARE DISAGREEING ABOUT HERE? ENTERPRISES BEING UNAWARE IS ONE OF THE REASONS THAT THESE TOPICS ARE NOT ON OUR PLANNING RADAR OR IN PROJECTED BUDGETS.
But the fact that the US government (and other governments) have already deprecated use of these technologies inside govt networks is probably something enterprises who do business with governments can't ignore (unlike IETF RFCs).     
I ALSO AGREE (AND HOPE!!)  THAT THE US GOVT MAKING STATEMENTS ABOUT IPV6, MAY HELP GET THE ATTENTION OF ENTERPRISES.  

> The biggest barrier is that this topic is not currently on the 
> Planning or Budget radar at all, and usually takes 1-2 years (or more) to achieve either.

I see no barrier to enterprises ignoring IETF RFCs wrt their internal networks.
But I'm surprised that US enterprises who contract with the US federal govt wouldn't have put this on their radar long ago, since the NIST first draft proposing deprecating these appeared 3 years ago, and the NIST SP 800-52 Rev. 2 final version (officially deprecating them) was published over a year ago.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
See Section 3 for minimum requirements for TLS servers and Appendix F for a specific discussion of TLS 1.0 and 1.1 client support.  
WHAT THE US GOVT DID SEVERAL YEARS AGO DID NOT MOTIVATE MANY, IF ANY, ENTERPRISES TO DEPLOY IPV6 THAT I AM AWARE OF. IT BASICALLY GOT IPV6 INTO LIFECYCLE INITIATIVES, WHICH IT ALREADY WAS. THIS IS NOT USING IPV6 THOUGH.

> On one side of such issues, I don't think IETF understands the above 
> and on the other side Enterprises are unaware of developments at IETF and other
> SDO's.    Bridging that important gap is not unique to this topic.

This IETF BCP will be very easy for enterprises to ignore wrt their internal networks.
There is no need for enterprises to be aware of this BCP. But it may behoove some enterprises to be aware of documents their govts have published.
MY CONCERN IS THAT VENDORS DEPRECATE VERSIONS OF TLS FROM PRODUCTS OR SERVICES BEFORE WE ARE OPERATIONALLY READY TO SUPPORT RELATED ENVIRONMENTS.
Barbara

> -----Original Message-----
> From: TLS <tls-bounces@ietf.org> On Behalf Of Eliot Lear
> Sent: Wednesday, December 2, 2020 5:54 AM
> To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
> Cc: draft-ietf-tls-oldversions-deprecate@ietf.org; last-call@ietf.org; 
> STARK, BARBARA H <bs7652@att.com>; tls@ietf.org; tls-chairs@ietf.org
> Subject: Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice
>
> > On 2 Dec 2020, at 11:44, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> >
> >
> > It's actually the complete opposite, they will have every difficulty 
> > in doing so.  You've got systems engineers whose job it is to keep 
> > things running at all costs, or where the effort to replace/upgrade 
> > is almost insurmountable, who now have to deal with pronouncements 
> > from standards groups that insist they not keep things running.  I 
> > don't know where you get this idea that this will cause "no difficulty"
> > from, it's a source of endless difficulty and frustration due to the 
> > clash between "we can't replace or upgrade these systems at the 
> > moment" and "there's some document that's just popped up that says 
> > we need to take them out of production and replace them".
>
>
> That is as it should be.  Let everyone understand the risks and make 
> informed decisions.  This draft does an excellent job at laying out 
> the vulnerabilities in TLS 1.0 and 1.1.  What it cannot do is 
> adjudicate risk in every situation.  If someone has done so and 
> decided that the risk is acceptable, very well.  They went in eyes wide open, and Stephen and friends helped.
>
> Eliot
>
> The information contained in this communication is highly confidential 
> and is intended solely for the use of the individual(s) to whom this 
> communication is directed. If you are not the intended recipient, you 
> are hereby notified that any viewing, copying, disclosure or 
> distribution of this information is prohibited. Please notify the 
> sender, by electronic mail or telephone, of any unintended receipt and 
> delete the original message without making any copies.
>
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan 
> are nonprofit corporations and independent licensees of the Blue Cross 
> and Blue Shield Association.

