Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Viktor Dukhovni <> Fri, 26 April 2019 21:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 626F312060C for <>; Fri, 26 Apr 2019 14:28:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jzD2b1a3GnSR for <>; Fri, 26 Apr 2019 14:28:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 763D0120611 for <>; Fri, 26 Apr 2019 14:28:40 -0700 (PDT)
Received: from [] (unknown []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id B0C362B025B for <>; Fri, 26 Apr 2019 17:28:39 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Viktor Dukhovni <>
In-Reply-To: <>
Date: Fri, 26 Apr 2019 17:28:39 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: IETF TLS WG <>
Message-Id: <>
References: <> <> <> <>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 26 Apr 2019 21:28:54 -0000

> On Apr 26, 2019, at 11:24 AM, Salz, Rich <> wrote:
> If they haven’t already moved off TLS 1 then maybe this document will give the right people a push to do so.
> Nobody is going to arrest an MTA for non compliance.

Of course.

And as I said, I'd like to see the document move forward, I just
wanted to see whether there was any appetite for adding some
operator guidance.  It's not an issue of internet policing,
rather it is a question of whether there should advice for
operators who are considering disabling the legacy protocols.

The sound-bite version is: first raise the ceiling, *then* the floor.

The advice would therefore be for everyone to first make sure that
their systems support at least TLS 1.2, and not just the now deprecated
versions.  And then check whether the same holds true for their application
ecosystem and if so disable the protocols at that time.

In unauthenticated opportunistic TLS where cleartext is used when TLS
handshakes fail, removing support for TLS 1.0 can reduce security in the
short term (some messages needlessly going in cleartext).  Yes, this may
be what it takes to finally get the long tail procrastinators to upgrade.

The operational question then boils down to timing: when is your application
ecosystem ready to drop the training wheels.

Anyway, it does not look like there's much interest in adding operational
considerations, which users will then perhaps learn about elsewhere if
need be.  That's fine...