Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"

Kathleen Moriarty <> Thu, 02 May 2019 16:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E81F4120470 for <>; Thu, 2 May 2019 09:58:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZYC0ESh3QROn for <>; Thu, 2 May 2019 09:58:51 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8AB6B120486 for <>; Thu, 2 May 2019 09:58:51 -0700 (PDT)
Received: by with SMTP id d24so2707081otl.11 for <>; Thu, 02 May 2019 09:58:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OcHoVEb0OH1tbuaiDPoIdXmoeMmFPEQNI9uMXzbslwM=; b=LrruMnLmv2JMTxTq03QCe+DDBbKcdRdKg+40Uy3pXFDUpG7XJgtEFwLicCdJn2F7Nw fF0pcH6A+JJw3KSamSWXrFx+kRKWB1puYL0kcrF8N5QgL8lw39Y+fOLTQ/ZYH0/Y20VI xgSyAYTrG2hys6rg0TTlJrDrEaar3i1IzOF1gFbFT5mxaBCwctG25TtVWX7pEAC/jEae 1JHdgYLRtBNG2R65AJZ2P+jrcs2ghZKC4NjGOE4DA7HkFEvqxg4LiV0sUZ41hqmw+E9z k6UTBqp81fxFtp6GJsOKAKFEwbjJAX1OErUDEegfL3KgkIEF5PkoKHjaadRRBz9yzzb2 wKxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OcHoVEb0OH1tbuaiDPoIdXmoeMmFPEQNI9uMXzbslwM=; b=rt2AuxrLLHfu7r6JTM8fxiPAv7l5WC5c8Y3O21E4FhyOrsqbxv4gczXljJ/O0yD71n OyJq/DVnIvEaO7rAJiJ9UF+ErcLxOD/zH9mNygAnSP0rSHT9qN4xusTKAKJ1Fmk5jJSK sSRWnrUVOHECIuAOccjjE45V6TJ80yaRX3lOyb2nGgQ/B1wOGFAzWm9Dr025QiPWbWJO 5jHDOoA3g782uRv8isfJrZFrYDQJuG4NtwPK367o0vaJlVYy9/zk94e/Tl79JjlOPbL2 HiEjKJvO2w2cfoVySPsGvVe2rPa60X1EpTOZ2nmi74J8qNourtM1VFZgKhgrGdOAQNn7 HG7Q==
X-Gm-Message-State: APjAAAVbfgXDNbBlih/TUg5kl3sld2WjFq62NcXmxSY2DtZCJgJo5W+M c8xK5ef0fHyMezipobGRNmtQLqM7FE7DUKU56Aao06+iKeg=
X-Google-Smtp-Source: APXvYqyd5hzhq7/yx0AH9pltLdbPni2s9Fs+Xj9qp5Y3fHSY9kBEJh9ekO9CT7PlTtVYTBLBADEy2B1qxmx34pOpPL8=
X-Received: by 2002:a9d:72c8:: with SMTP id d8mr3268376otk.149.1556816330939; Thu, 02 May 2019 09:58:50 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Kathleen Moriarty <>
Date: Thu, 2 May 2019 12:58:13 -0400
Message-ID: <>
To: Gary Gapinski <>
Cc: "<>" <>
Content-Type: multipart/alternative; boundary="00000000000062e30d0587ea8cbf"
Archived-At: <>
Subject: Re: [TLS] WGLC for "Deprecating TLSv1.0 and TLSv1.1"
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 02 May 2019 16:58:54 -0000

Hi Gary,

Thanks for your review and support.  I'll respond inline and if Stephen
disagrees, he will chime in :-)

On Wed, Apr 24, 2019 at 9:51 AM Gary Gapinski <gary=> wrote:

> On 4/12/19 7:28 PM, Christopher Wood wrote:
> This is the working group last call for the "Deprecating TLSv1.0 and TLSv1.1” draft available at:
> Please review the document and send your comments to the list by April 26, 2019.
> I think the document should be published.
> I agree with Martin Thomson's observation that the SP 800-52r2 quotes in
> Section 2 are a bit prolix considering the relatively small content that
> would remain if excised, and that NIST document has been in draft for a
> prolonged time (reducing its authority). The quotes imply but do not demand
> disuse of TLS 1.0 and TLS 1.1, and could inadvertently be interpreted to
> mean that use of TLS 1.2 rather than TLS 1.3 is sinful.

I had interpreted Martin's comment's a little differently and cut out other
text.  Hmm, for the NIST quotes, I see this as providing the supporting
reasons and their recommendations not being the same as the recommendations
in this draft.  I think by the updated text Marten suggested on "updates",
this point is addressed, but please let us know if you feel otherwise.

> An additional (congenial) informative reference could be BSI TR-02102-2
> found at
> which in §3.2 states "TLS 1.0 and TLS 1.1 are *not recommended*".

Thank you for the reference, it's probably bets to have a couple of sources
here.  I included the following text with the pdf reference included in the
working copy:

The German Federal Office for Information Security, recommends against use
of TLS versions less than 1.2 in the publication <xref
>Cryptographic Mechanisms: Recommendations and Key Lengths</xref>

Best regards,

> Regards,
> Gary
> _______________________________________________
> TLS mailing list


Best regards,