Re: [TLS] [Last-Call] Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

Ted Lemon <mellon@fugue.com> Wed, 02 December 2020 19:46 UTC

Cc: "Ackermann, Michael" <MAckermann@bcbsm.com>, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "draft-ietf-tls-oldversions-deprecate@ietf.org" <draft-ietf-tls-oldversions-deprecate@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tls@ietf.org" <tls@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>
To: "STARK, BARBARA H" <bs7652@att.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PP-yF3sO2y_pUiIK8Y1PSQCwz5w>

On Dec 2, 2020, at 1:51 PM, STARK, BARBARA H <bs7652@att.com> wrote:
> The final version of this was published over a year ago (August 2019). The first draft was in 2017.
> You said enterprises needed 1-2 years (or more) lead time. In the US, I think they've had at least 3 years lead time, so far.

Actually, when we had this conversation in Prague in 2017 (admittedly, at the time we were talking about the TLS 1.3 transition), Michael mentioned that he’d been asking for extensions for PCI compliance in the transition to TLS 1.2. IIRC the requirements had been announced at least five years prior, although I don’t remember the precise details.

So the point is, this was something that any industry that processes credit cards has known about and had as a burning issue for much longer than 1-2 years.