Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt

John Mattsson <john.mattsson@ericsson.com> Sat, 09 March 2019 20:05 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C01B812D550 for <tls@ietfa.amsl.com>; Sat, 9 Mar 2019 12:05:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=ZH0oc5+K; dkim=pass (1024-bit key) header.d=ericsson.com header.b=blGB6qlK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y5QL9TB7-xJN for <tls@ietfa.amsl.com>; Sat, 9 Mar 2019 12:05:00 -0800 (PST)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F8CF1224E8 for <tls@ietf.org>; Sat, 9 Mar 2019 12:04:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/relaxed; q=dns/txt; i=@ericsson.com; t=1552161897; x=1554753897; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=+pQ5TwzCfeW5lfCQWL0Ck4dvA3kSrGgNoD9IZT/OGmM=; b=ZH0oc5+KvssOpapTxnypvVqqKTqEnJ3quPNZACIRdYsXpwVm1s0uhGzR5szrQRSA k+3MQaTmUQBC0EhSZgxRcxMoLPHwNUd84f9vlKcx2/ekceOtAWrW7lYM+EkEAabz rARGWApJzThuDb38tfERN8PbRtOICdOr92W/TbFOH5g=;
X-AuditID: c1b4fb30-f93ff7000000355c-a6-5c841c692075
Received: from ESESBMB503.ericsson.se (Unknown_Domain [153.88.183.116]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 96.06.13660.96C148C5; Sat, 9 Mar 2019 21:04:57 +0100 (CET)
Received: from ESESBMB504.ericsson.se (153.88.183.171) by ESESBMB503.ericsson.se (153.88.183.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sat, 9 Mar 2019 21:04:57 +0100
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESBMB504.ericsson.se (153.88.183.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Sat, 9 Mar 2019 21:04:56 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+pQ5TwzCfeW5lfCQWL0Ck4dvA3kSrGgNoD9IZT/OGmM=; b=blGB6qlKbjJICQ7cTkwz3cbCwyBQvtsVJnQh626+nPDRZ/Txvh2P4WQysymtLFWeeMngSaHucPDByLibbrWPmq97nZPqh1YlQsfTpz7cRaYtRzdv1OoztUKSeqhjBlRfa97EMiEUYS7KZGJsqeqniFnvWmyVETLzMByZssusZbg=
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com (20.176.166.22) by HE1PR07MB4249.eurprd07.prod.outlook.com (20.176.166.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1686.15; Sat, 9 Mar 2019 20:04:54 +0000
Received: from HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::ace2:9258:766:85a8]) by HE1PR07MB4169.eurprd07.prod.outlook.com ([fe80::ace2:9258:766:85a8%3]) with mapi id 15.20.1709.010; Sat, 9 Mar 2019 20:04:54 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt
Thread-Index: AQHUdyQNHE9heMDn6kGd04PAAeP/dKVFW3AAgL3H6ACAAQGBgIAAZFqA
Date: Sat, 09 Mar 2019 20:04:54 +0000
Message-ID: <404EBF8A-69EF-4C96-8CBF-F5AC4B57F56D@ericsson.com>
References: <154165491176.26419.11906807559515385277@ietfa.amsl.com> <62386296-c674-44ef-65b0-e3ced823eb92@cs.tcd.ie> <09181304-3B39-464D-B98A-E7C109701507@ericsson.com> <3ff85a18-d32c-c22c-2def-43d7f55fec79@cs.tcd.ie>
In-Reply-To: <3ff85a18-d32c-c22c-2def-43d7f55fec79@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.16.1.190220
authentication-results: spf=none (sender IP is ) smtp.mailfrom=john.mattsson@ericsson.com;
x-originating-ip: [82.214.46.143]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 72b40d55-586c-4dc4-94ce-08d6a4ca7f5c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:HE1PR07MB4249;
x-ms-traffictypediagnostic: HE1PR07MB4249:
x-ms-exchange-purlcount: 8
x-microsoft-exchange-diagnostics: 1;HE1PR07MB4249;23:14njz4jU3h/sGIFTSmsOdx7Ikwbem2PgyJH0r0IIMfqS5KjrB7NqInZU8RZgmVrk4e+mFbtLGWSfczaKOUz4kv7Fv360r7fInSejxtyqYNoBK34VXfm/giGXamZrKW2jk7SrsViv1zAvr+0Hnw563o68Ucfhh9zI63B3X0zG076CDbgR+kl1WmHPP4aLRuF/KJkhbhJNN5GuTVrfnG+9OJzzZBJl+4c1ByTX6uOPUiw0ALxa8hOSunCZ+aifiOf1uLPM3GdmQo3QP6oLnWg4bn8HzwOBCBSEkzYYTwu/c9k8uxmOCM3vBhPsNWYDSPTXH6KJg6k6yyZBvSU4Yn9lsznA27arzh7x1qJBJpJJJV7WcVMJi9/ZU8426Rrh4MKX+sQhu9QW77Ud1DyaLKkg7ML+9EaTPmf32jdrqIEc3Joe+SO85539Q/ZItKowbBGUAC3BX/NgVdWNz5d+D25LUQ974NHioDy3SuIcq77JNiAd/BWfzHUZ/raEok6tQA1lRw8VaywnUU4fgp/HllzbeItz2yZNNXWYErmn2lYprqcvL3w1MrNdnYT6F/ibHuA2F8QhR9gY2r301of+U9+RgUlImjfNKoMABKitkO8OHmIh+090lf0BsimdmWIAUA7E8mKqChnWubuy75QRzdIWqjfi2Za/C6u8DWznLm7Q1sxk82GnIze6VmUHX6yngTofElB3lHrnNPuU8/Ww6Fci216Xp1In/fyU9M4jyYRI6NZQBFd5je7sK5daDaOaTXjM4qi4y1/DQNlMPa5kVcG+MCWy8PhrT16ORKlNOhiyrR352mfgNNmz9N+3x1tu97eMTPOzarQ2dkEPxyrKpjlLV0Dt7VOtOIVljMUmU5eRZRmLGmg4zU68MwRr29JP46IIfQZyxLHwxgesd5u83NttrrhJHrPcP4uBiI0qwyr5bzAek4aNhJlGRX/WgJaVrI+fAZCA/F5IQfu40JEJVt49K3gI9jrP7Z+ULDjUEB6Dq1IVgxtFV/z8dFD3mE572HU1XvmG8xDuOJv44f00bsog+oG4c7ij6zPTx68dt3lXPqz9sQJBe0/M9ARFvg8D+4us1xjAYtnHNTWtQrxmS9+b686006dgTPhi/P0OgsDnuQiewaU9XWhSuKJBdUwFEPylRJneHM7yvpRbqESokhSsv4/XcA8F/ahpd021idof6K1hXo/W7rUSKpFuvo0xMYE+1D2niM70HQdDXq9phZlZB8D4KFhCivkNFfwx/5JcmZXcmkwZ6rS3H11l1CHLjqG8JvRj5ao+0XiyqfOui3Z5nRqjM9UADOPHIX71saRrYFk6pCeMhgGTeDx7j4KpJT1AmLCFSUO2EKU3yL/w/J8xN5Mly95/nV0TarLAElTk61gphhoogdnBkLcrZumkzbPrQWJFRbrb3mx6LrD3qRHrwA9LcjtssALR2+qStBl/3Wg=
x-microsoft-antispam-prvs: <HE1PR07MB42492FCA36FDCF84A7CB1525894E0@HE1PR07MB4249.eurprd07.prod.outlook.com>
x-forefront-prvs: 0971922F40
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(39860400002)(396003)(346002)(376002)(51444003)(199004)(189003)(13464003)(6506007)(486006)(316002)(110136005)(53546011)(36756003)(83716004)(6246003)(2501003)(33656002)(93886005)(5660300002)(71190400001)(71200400001)(53936002)(102836004)(58126008)(3846002)(6116002)(2906002)(25786009)(99286004)(66066001)(66574012)(296002)(6436002)(82746002)(7736002)(2616005)(476003)(966005)(26005)(8676002)(6486002)(478600001)(446003)(81156014)(6512007)(44832011)(305945005)(81166006)(6306002)(8936002)(229853002)(97736004)(256004)(14454004)(186003)(76176011)(86362001)(11346002)(106356001)(68736007)(14444005)(105586002); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB4249; H:HE1PR07MB4169.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: uWv7Bk2axTrt8UtLNm0/WznCZll/XvpVtphw3kZlSAqIFkOfzl1pMfhqv8WDeqLh7Nwl8ZkGrjI3S5FPABq0za7NCD8i9kKnMRaeIazMZ5j4cXSVK6JAKJgwQ1c/SIv8JFpU72hj3WvdTUWKPvSODgLJlQ6Va/UB6pZWFcmONhR2/HKAL67HpT69Yo+EPY6IoQ5g0/M7/wxwr5P8ytCcgOSZNKKr56vpbAjSlaFWO3SgNvighXGJBKdVWPRLV9lUOJ2wn/DR7uqgy/kUk7zc9GbxfCw+exy68qC/JMvPl/dYnxURxrVjgcoAtLixnbExdKzBqd5YLmqLAAPp9cysf4w+t9mSch/4ap5VjtDSNQoJRrOqBZntsyoHt3kvU6Nogi+NFt8AlAqVM54Z+EB/V90VXvSIIg0QxkTaZ3L7CPU=
Content-Type: text/plain; charset="utf-8"
Content-ID: <5597FD956115324D963CEE1ADBAA97FC@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 72b40d55-586c-4dc4-94ce-08d6a4ca7f5c
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2019 20:04:54.5195 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4249
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02SbUhTURjHOffebdfR4Di3fDKFXBEl5JZUKFkaQolSRFlUaDXzpsu5ye4U jYhlU2sz0TRshqg5NN9aqJCWBmpfVFITXGlImgvR7MVh5EtG2+6Cvv2e5/87D885HJoUl/AC aJVGz+g0SrWML6Qs557r96gCjYmKkTZJeEWPXRDuHDGhaCK21TzOj7VaV4mTxAVhZAqjVmUz Ovnhy8K0R/mjRKb9bI7xvYU0oM4EE/KhAe+DOccyz4SEtBi/RjD1oZjgip8IBueavEkdAVXl Nr67oHAJCc3l90kuKSOgoL/XW3xE8HJjnnJP5mMFVHUb+G6W4BMw3v/A1adpPxwHXRtCrh0P b1uaCY6Pwp3SRoGbKbwD2nsKPX0RjoJG43cBN38agaFhVeCe44MPQd56pttBeDP8Gmzx+CT2 h0lHNcFdDoO1e4TkWArzs394bpZiOXQUT1Pc2STIz6/gcU4wDL164vWDYKzajDg+Dt8q3nlu D3gCwddPFm8QAgV37XyOA8Bc+JjgJJsfrN0r8gbpYCns4LmXBhwIXRP7OaeBDxvOcbIEySv/ W7zSpZF4N9heyDmMhckxijOCodw8I6j0PIsvDFgcVA3iNSEpy7DJGalhYaGMTnWFZbWaUA2j b0Ouf9Lbsa7oRPNzR/oQppFsk2hm9naimKfMZnMz+hDQpEwievbD1RKlKHOvMzrtJV2WmmH7 0FaakvmLfot9E8U4Valn0hkmk9H9SwnaJ8CAEg4OnxYPLG7f8tCX9GtLVUkiH7H1b5inNy5G 18dVW9eylkYz7JIFFXErR+GoLatdGY6sZ501edKlmGthVeoFcYRJ2K0Z2FkaxDfH2zpbv3yu O7br1NUDzLaZiOSh0PUzUctOo7ZBe9NxPqkxaHGsji4wTi1nt9coV2K6ipIUMopNU+4NIXWs 8i8Bz36XIwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NhwwKgxY5RNEmqx8uwDZhi7MlXI>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Mar 2019 20:05:03 -0000

Hi Stephen,

>> 3GPP has deprecated TLS 1.0 and DTLS 1.0 some years ago (but could at
>> that time not deprecate TLS 1.1 due to interop with older releases).
>> I would estimate that 3GPP will deprecate TLS 1.1 this year, at least
>> that is what I am going to suggest. I think that 3GPP will deprecate
>> non-AEAD and non-PFS cipher suites at the same time as TLS 1.1.
>
>Good to know. Might be no harm to put in some reference to that if you
>have one?

Yes, you can find the 3GPP TLS profile in Clause 6.2 of 3GPP TS 33.210
https://www.3gpp.org/DynaReport/33210.htm

Rel-15 is stable, Rel-16 is work-in-progress.

TLS 1.0 and DTLS 1.0 was forbidden already 2016 in Rel-14. At that time the 3GPP TLS profile was in  Annex E of 3GPP TS 33.310
https://www.3gpp.org/DynaReport/33310.htm

>> - I think the document should mention DTLS 1.0 much earlier, probably
>> even in the title.
>
>Fair point. Didn't add to title but added stuff in the abstract.
>
>But that does raise an issue for the WG. I never checked what
>else refers to 4347 that's needs to be updated. (Sigh, I should
>have done that before I guess;-)

Sorry ;-)

/John

-----Original Message-----
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Saturday, 9 March 2019 at 16:06
To: John Mattsson <john.mattsson@ericsson.com>, "TLS@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt


Hi John,

On 08/03/2019 22:44, John Mattsson wrote:
> Hi,
> 
> Thanks for driving this. Great work. I would like to see deprecation
> of done more often in IETF and elsewhere.
> 
> 3GPP has deprecated TLS 1.0 and DTLS 1.0 some years ago (but could at
> that time not deprecate TLS 1.1 due to interop with older releases).
> I would estimate that 3GPP will deprecate TLS 1.1 this year, at least
> that is what I am going to suggest. I think that 3GPP will deprecate
> non-AEAD and non-PFS cipher suites at the same time as TLS 1.1.

Good to know. Might be no harm to put in some reference to that if you
have one?

> Moving deprecation of SHA-1 to a different document makes sense to
> me. I would want such a document be deprecate a much as section 9.2
> of RFC 7540 with the exception of TLS_PSK_WITH_AES_128_CCM_8 for IoT.
> I.e, I think such a document should forbid non-AEAD and < 2048 DHE as
> well as changing the MTI cipher suite in TLS 1.2.

I'd support progressing such a draft if someone wrote one. Or maybe
that'd be good text to include in a revision of BCP195 when we've a
bit more experience with TLSv1.3.

For now, I think leaving in section 3 is ok though - killing sha-1
multiple times still leaves it as dead as killing it once:-)

> - I think the document should mention DTLS 1.0 much earlier, probably
> even in the title.

Fair point. Didn't add to title but added stuff in the abstract.

But that does raise an issue for the WG. I never checked what
else refers to 4347 that's needs to be updated. (Sigh, I should
have done that before I guess;-)

So I re-ran my script to find non-obsoleted RFCs with normative
references to 4347 and that turns up these new ones:

- RFC 8261, which says:

   The DTLS implementation MUST support DTLS 1.0 [RFC4347] and SHOULD
   support the most recently published version of DTLS, which was DTLS
   1.2 [RFC6347] when this RFC was published.  In the absence of a
   revision to this document, the latter requirement applies to all
   future versions of DTLS when they are published as RFCs.  This
   document will only be revised if a revision to DTLS or SCTP makes a
   revision to the encapsulation necessary.

I guess we could UPDATE that via this draft but we should probably add
some text if doing that, and we defo need to check if WebRTC really
needs DTLSv1.0 or if it's ok to deprecate that. (Anyone know?) I've
added a note to the draft wondering what to do about that but did't
add 8261 to the list of RFCs UPDATEd by this.

- RFC 6460 is suite-B which is already historic, so it probably doesn't
matter. I added this to the mega-list of stuff updated by this one as
that seems harmless.

- RFC 6353 is SNMP/TLS so seems like a straightforward case. I added
this to the list updated here.

- RFC 6084, which is "GIST" whatever that is.  I added this to the
list updated here.

- RFC 6083 is DTLS/SCTP. I added this to the list updated here.

- RFC 6012 is DTLS for syslog. I added this to the list updated here.

- RFC 5456 is some asterisk-related protocol. I added this to the list
updated here.

- RFC 5415 is CAPWAP. I added this to the list updated here.

> - Nit: The document uses "TLS1.0" "TLSv1.0" while most other drafts
> use "TLS 1.0"

I did a pass trying to make those consistently be TLSv1.x.

The changes above are reflected in the editor's copy, [1] now but
since those new UPDATE references are a substantive change, I'll push
out a -02 later today or tomorrow.

Cheers,
S.

[1]
https://github.com/tlswg/oldversions-deprecate/blob/master/draft-ietf-tls-oldversions-deprecate.txt

> 
> Cheers, John
> 
> -----Original Message----- From: TLS <tls-bounces@ietf.org> on
> behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie> Date: Thursday,
> 8 November 2018 at 06:36 To: "TLS@ietf.org" <tls@ietf.org> Subject:
> Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-01.txt
> 
> 
> Hiya,
> 
> This version attempts to make the few changes discussed at the
> meeting on Monday. I wrote a script that gave me a list of 76(!) RFCs
> this might need to update, and may of course have mucked that up, so
> if anyone has a chance to check if (some of) those make sense, that'd
> be great.
> 
> Ta, S.
> 
> On 08/11/2018 05:28, internet-drafts@ietf.org wrote:
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories. This draft is a work item of the Transport Layer
>> Security WG of the IETF.
>> 
>> Title           : Deprecating TLSv1.0 and TLSv1.1 Authors         :
>> Kathleen Moriarty Stephen Farrell Filename        :
>> draft-ietf-tls-oldversions-deprecate-01.txt Pages           : 21 
>> Date            : 2018-11-07
>> 
>> Abstract: This document, if approved, formally deprecates Transport
>> Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and
>> moves these documents to the historic state.  These versions lack
>> support for current and recommended cipher suites, and various
>> government and industry profiles of applications using TLS now
>> mandate avoiding these old TLS versions.  TLSv1.2 has been the
>> recommended version for IETF protocols since 2008, providing
>> sufficient time to transition away from older versions.  Products
>> having to support older versions increase the attack surface
>> unnecessarily and increase opportunities for misconfigurations.
>> Supporting these older versions also requires additional effort for
>> library and product maintenance.
>> 
>> This document updates many RFCs that normatively refer to TLS1.0
>> or TLS1.1 as described herein.  This document also updates RFC 7525
>> and hence is part of BCP195.
>> 
>> 
>> The IETF datatracker status page for this draft is: 
>> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
>>
>>
>> 
There are also htmlized versions available at:
>> https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-01
>>
>> 
https://datatracker.ietf.org/doc/html/draft-ietf-tls-oldversions-deprecate-01
>> 
>> A diff from the previous version is available at: 
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-oldversions-deprecate-01
>>
>>
>>
>> 
Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at
>> tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at: 
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________ TLS mailing list 
>> TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
>> 
>