Date: Wed, 28 Jan 2015 00:43:15 +0100
From: Aaron Zauner <azet@azet.org>
To: Hanno Böck <hanno@hboeck.de>
Message-ID: <20150127234314.GA6124@typhoon.azet.org>
References: <CAOgPGoD806Mf=wa76ixU15nGDCK91tgG4r3Sb0Us2meX4Rqk5A@mail.gmail.com>
 <54C7F106.9070400@azet.org>
 <CABkgnnUdbLnG_7DJLuVeNrK0Q2rDhNm2kRKbwMDAE7bmCr=JqQ@mail.gmail.com>
 <201501271815.23083.davemgarrett@gmail.com>
 <20150128003356.41d2899b@pc>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="Nq2Wo0NMKNjxTN9z"
Content-Disposition: inline
In-Reply-To: <20150128003356.41d2899b@pc>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/P9AtAmlCVGVmCcfqUmIzFk7aVzk>
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for
 draft-ietf-tls-sslv3-diediedie-00
List-Id: "This is the mailing list for the Transport Layer Security working
 group of the IETF." <tls.ietf.org>


--Nq2Wo0NMKNjxTN9z
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

* Hanno Böck <hanno@hboeck.de> [28/01/2015 00:34:13] wrote:
> On Tue, 27 Jan 2015 18:15:22 -0500
> Dave Garrett <davemgarrett@gmail.com> wrote:
>
> > Is it at all practical to publish a TLS RFC stating intent to
> > deprecate TLS 1.0/1.1 within some fixed timeframe? I think everyone
> > would rather phase it out than have to "be the hitman" each time.
>
> I think if the deprecation of SSLv3 shows one thing it is that we need
> to start now if we want to deprecate it in several years.
>

I cannot agree more.

> There are products on the market developed as late as 2011 that only
> support SSLv3. I think a crucial thing would be to identify and stop
> people from deploying TLS 1.0-only solutions today - so we won't have
> them tomorrow when we really need to deprecate TLS 1.0.
>
> It's a topic I've been discussing with a number of people lately. Ideas
> welcome. I thought about adding something to webpages that will warn
> users if they connect with anything != TLS 1.2. That could at least
> make people aware if they surf with deprecated technology.

It's been pointed out earlier, but as not many people from TLS-WG
have been active at UTA I just want to reference those two documents
(currently WGLC and submitted for publication):

Recommendations for Secure Use of TLS and DTLS:
https://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/

Summarizing Known Attacks on TLS and DTLS:
https://datatracker.ietf.org/doc/draft-ietf-uta-tls-attacks/

Aaron

--Nq2Wo0NMKNjxTN9z--
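
The web-page warning idea raised in the quoted message, sketched as an added example that is not part of the original thread or of any participant's code. It assumes the TLS terminator passes the negotiated version to the application as `SSL_PROTOCOL` (the middleware and banner names are hypothetical), and it generalizes "!= TLS 1.2" to "below TLS 1.2" so that later versions are not flagged.

```python
# Added example (not from the thread). Assumption: the TLS terminator exposes the
# negotiated version as environ["SSL_PROTOCOL"], e.g. "TLSv1" or "TLSv1.2".
import re

MIN_OK = (1, 2)  # TLS 1.2, the threshold named in the thread
BANNER = (b'<div class="tls-warning">Your client connected with %s, '
          b'which is deprecated. Please update it.</div>')

def parse_protocol(value):
    """Map 'SSLv3', 'TLSv1', 'TLSv1.2' to a sortable tuple; None if unrecognised."""
    m = re.fullmatch(r"(SSL|TLS)v(\d)(?:\.(\d))?", value or "")
    if not m:
        return None
    major, minor = int(m.group(2)), int(m.group(3) or 0)
    # Every SSL version sorts below every TLS version.
    return (0, major) if m.group(1) == "SSL" else (major, minor)

def is_deprecated(value):
    """True below TLS 1.2; a missing or unparseable value also warns."""
    parsed = parse_protocol(value)
    return parsed is None or parsed < MIN_OK

class TLSWarningMiddleware:
    """WSGI middleware that prepends a banner to HTML served over old protocols."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        proto = environ.get("SSL_PROTOCOL")
        if not is_deprecated(proto):
            return self.app(environ, start_response)
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
        body = b"".join(self.app(environ, capture))
        is_html = any(k.lower() == "content-type" and v.startswith("text/html")
                      for k, v in seen["headers"])
        if is_html:
            # Only regex-validated strings reach the page, so nothing is injected.
            label = proto if parse_protocol(proto) else "an unknown protocol"
            body = body.replace(b"<body>", b"<body>" + BANNER % label.encode(), 1)
        headers = [(k, v) for k, v in seen["headers"] if k.lower() != "content-length"]
        headers.append(("Content-Length", str(len(body))))
        start_response(seen["status"], headers)
        return [body]
```

The same `parse_protocol` ranking can be applied to the protocol field of access logs to find clients that never negotiate above TLS 1.0.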

