Re: [TLS] I-D Action: draft-ietf-tls-oldversions-deprecate-07.txt

Sean Turner <sean@sn3rd.com> Fri, 09 October 2020 13:55 UTC


Ben,

This version incorporates the PR you submitted to address your AD comments as well as a PR to address moving RFC 7507 to obsolete. I believe/hope this version is ready for IETF LC.

spt

> On Oct 9, 2020, at 09:44, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Transport Layer Security WG of the IETF.
> 
>        Title           : Deprecating TLSv1.0 and TLSv1.1
>        Authors         : Kathleen Moriarty
>                          Stephen Farrell
>        Filename        : draft-ietf-tls-oldversions-deprecate-07.txt
>        Pages           : 22
>        Date            : 2020-10-09
> 
> Abstract:
>   This document, if approved, formally deprecates Transport Layer
>   Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
>   Accordingly, those documents (will be moved|have been moved) to
>   Historic status.  These versions lack support for current and
>   recommended cryptographic algorithms and mechanisms, and various
>   government and industry profiles of applications using TLS now
>   mandate avoiding these old TLS versions.  TLSv1.2 has been the
>   recommended version for IETF protocols since 2008, providing
>   sufficient time to transition away from older versions.  Removing
>   support for older versions from implementations reduces the attack
>   surface, reduces opportunity for misconfiguration, and streamlines
>   library and product maintenance.
> 
>   This document also deprecates Datagram TLS (DTLS) version 1.0
>   (RFC6347), but not DTLS version 1.2, and there is no DTLS version
>   1.1.
> 
>   This document updates many RFCs that normatively refer to TLSv1.0 or
>   TLSv1.1 as described herein.  This document also updates the best
>   practices for TLS usage in RFC 7525 and hence is part of BCP195.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-07
> https://datatracker.ietf.org/doc/html/draft-ietf-tls-oldversions-deprecate-07
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-tls-oldversions-deprecate-07
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
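As an added example (not code from the draft, the TLS WG or any IETF tool), here is a server-side version gate that applies the deprecation described in the abstract above to a TLS ClientHello: it reads the versions the client offers (the supported_versions extension if present, otherwise legacy_version) and refuses anything below TLS 1.2, while classifying the DTLS version codes the same way. The names TLS10..DTLS12, offered_versions, select_version and make_client_hello are this example's own, and the ClientHello bodies it builds are constructed samples, not captures.

```python
"""Server-side version gate for the deprecation in draft-ietf-tls-oldversions-deprecate:
read the versions a TLS ClientHello offers and refuse TLS 1.0/1.1. Added example, not
code from the draft or any IETF tool; DTLS ClientHello parsing (cookie) is out of scope."""
from __future__ import annotations
import struct

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
DTLS10, DTLS12 = 0xFEFF, 0xFEFD          # DTLS encodes versions as 1's complement
SUPPORTED_VERSIONS = 43                  # extension type from RFC 8446

def is_deprecated(version: int) -> bool:
    # True for TLS 1.0, TLS 1.1 and DTLS 1.0 (SSLv3 and older fall out as well)
    if version >> 8 == 0xFE:             # DTLS: a larger code means an older version
        return version > DTLS12
    return version < TLS12

def offered_versions(hello: bytes) -> list[int]:
    """Versions a ClientHello body offers: supported_versions list if present, else legacy_version."""
    legacy = struct.unpack_from("!H", hello, 0)[0]
    off = 2 + 32                                         # legacy_version, random
    off += 1 + hello[off]                                # legacy_session_id
    off += 2 + struct.unpack_from("!H", hello, off)[0]   # cipher_suites
    off += 1 + hello[off]                                # legacy_compression_methods
    if off >= len(hello):                                # no extensions block
        return [legacy]
    end = off + 2 + struct.unpack_from("!H", hello, off)[0]
    off += 2
    while off + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hello, off)
        off += 4
        if etype == SUPPORTED_VERSIONS:
            n = hello[off] // 2                          # list length in bytes / 2
            return [struct.unpack_from("!H", hello, off + 1 + 2 * i)[0] for i in range(n)]
        off += elen
    return [legacy]

def select_version(hello: bytes) -> int | None:
    """Highest accepted version offered, or None: abort with a protocol_version alert."""
    acceptable = [v for v in offered_versions(hello) if v in (TLS12, TLS13)]
    return max(acceptable) if acceptable else None

def make_client_hello(legacy_version: int, supported: list[int] | None = None) -> bytes:
    """Constructed sample ClientHello body: empty session id, one suite, null compression."""
    body = struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2) + b"\x13\x01" + b"\x01\x00"
    if supported is not None:
        vers = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHB", SUPPORTED_VERSIONS, len(vers) + 1, len(vers)) + vers
        body += struct.pack("!H", len(ext)) + ext
    return body
```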