Re: [TLS] How are we planning to deprecate TLS 1.2?

Watson Ladd <watsonbladd@gmail.com> Fri, 03 March 2023 23:49 UTC

References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com> <ZAJrhV3El0QAvy6/@straasha.imrryr.org>
In-Reply-To: <ZAJrhV3El0QAvy6/@straasha.imrryr.org>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 03 Mar 2023 15:49:28 -0800
Message-ID: <CACsn0cmt+9q_uAE_72Y5ngb2k-pRa9z=8PyaxGwiRzKHChZNkA@mail.gmail.com>
To: TLS List <tls@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/ArA_vuIUaiZ9C3Bao4iNkN0QrDw>
Subject: Re: [TLS] How are we planning to deprecate TLS 1.2?

On Fri, Mar 3, 2023, 1:50 PM Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>
> On Fri, Mar 03, 2023 at 08:17:55PM +0200, Nimrod Aviram wrote:
>
> > Specifically, we will have to decide when/if to deprecate version 1.2 of
> > TLS within, say, the next 20 years.
>
> 20 years is a long time.  We can only reason about shorter timelines.
> In the next ~5 years, I don't yet see a defensible reason to deprecate
> TLS 1.2.


20 years from today we'll be dealing with products shipped out today.
Doesn't it make sense to start saying TLS 1.2 will sunset some day?
The other aspect is with new standardization. Do we want TLS 1.3-only
drafts for post-quantum or do we need to go back and deal with TLS
1.2? Nobody is expecting this to be overnight.

Sincerely,
Watson
>
> --
>     Viktor.