Re: [TLS] How are we planning to deprecate TLS 1.2?
Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 04 March 2023 05:35 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78D93C151549 for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 21:35:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pNkPYr74vhyK for <tls@ietfa.amsl.com>; Fri, 3 Mar 2023 21:35:18 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEF2CC151527 for <tls@ietf.org>; Fri, 3 Mar 2023 21:35:18 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id F3A56121EE9; Sat, 4 Mar 2023 00:35:16 -0500 (EST)
Date: Sat, 04 Mar 2023 00:35:16 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <ZALYlDCzIP7PAW1G@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <CABiKAoTN-Y2317qZi6vwyOvhMwtTjtY9wROorNXEjEEegg-zfg@mail.gmail.com> <ZAJrhV3El0QAvy6/@straasha.imrryr.org> <CACsn0cmt+9q_uAE_72Y5ngb2k-pRa9z=8PyaxGwiRzKHChZNkA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACsn0cmt+9q_uAE_72Y5ngb2k-pRa9z=8PyaxGwiRzKHChZNkA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/GLswfUGanQA7Nn1QTsHnUfT0vZQ>
Subject: Re: [TLS] How are we planning to deprecate TLS 1.2?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Mar 2023 05:35:19 -0000
On Fri, Mar 03, 2023 at 03:49:28PM -0800, Watson Ladd wrote: > > 20 years is a long time. We can only reason about shorter timelines. > > In the next ~5 years, I don't yet see a defensible reason to deprecate > > TLS 1.2. > > 20 years from today we'll be dealing with products shipped out today. > Doesn't it make sense to start saying TLS 1.2 will sunset at some day? Products shipped today will typically support and prefer to negotiate TLS 1.3, the ones that choose to not implement TLS 1.2 probably have a reason for that choice. The more positive message is encourage adoption of TLS 1.3 in all market segments where it is applicable. TLS 1.2 does not look so broken that we need to apply a stick rather than offer a carrot. -- Viktor.
- [TLS] How are we planning to deprecate TLS 1.2? Nimrod Aviram
- Re: [TLS] How are we planning to deprecate TLS 1.… Eric Rescorla
- Re: [TLS] How are we planning to deprecate TLS 1.… Kenneth Vaughn
- Re: [TLS] How are we planning to deprecate TLS 1.… Sean Turner
- Re: [TLS] How are we planning to deprecate TLS 1.… Bas Westerbaan
- Re: [TLS] How are we planning to deprecate TLS 1.… Ilari Liusvaara
- Re: [TLS] How are we planning to deprecate TLS 1.… Viktor Dukhovni
- Re: [TLS] How are we planning to deprecate TLS 1.… Rob Sayre
- Re: [TLS] How are we planning to deprecate TLS 1.… Peter Gutmann
- Re: [TLS] How are we planning to deprecate TLS 1.… Watson Ladd
- Re: [TLS] How are we planning to deprecate TLS 1.… Rob Sayre
- Re: [TLS] How are we planning to deprecate TLS 1.… Viktor Dukhovni