Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms

Martin Thomson <martin.thomson@gmail.com> Tue, 12 January 2016 00:33 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC5C71ACC82 for <tls@ietfa.amsl.com>; Mon, 11 Jan 2016 16:33:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQT08kx0wCh6 for <tls@ietfa.amsl.com>; Mon, 11 Jan 2016 16:33:12 -0800 (PST)
Received: from mail-io0-x22b.google.com (mail-io0-x22b.google.com [IPv6:2607:f8b0:4001:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 640281ACC83 for <tls@ietf.org>; Mon, 11 Jan 2016 16:33:12 -0800 (PST)
Received: by mail-io0-x22b.google.com with SMTP id g73so171196748ioe.3 for <tls@ietf.org>; Mon, 11 Jan 2016 16:33:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=mWd0qA373duq2oFB8qR2uLd5I03Inwek0FKNZbiW5JM=; b=AqNpD9jv/JiTAFcgcLk9pywSK6mseY1S3DlWvvnsEHWt8cC3xkcSO8MoxQVOBEknTz /8Ak7IpXhscO0P3ZZvQK/d5H6sjqJwUKgWkJQQn59B79R24ql1MjkQz5nYl9AuzQuHGT i9RkDi+3bp3BbiOT+7AHn0L8MZBpxdelc27AKYZm9ihrf/vib0Ziy4EVT+AVQugNkBvP g/GEJnjMO4JlVaUL6rqiIfxKPDZibE5kjoMc6omY2Qq3Cq0YXQecwN43iPt1OY0SqpWw GmIfK0y9DQEjIbLkmna5rlC53WvBvq10JeRkJ7Q/N7hvYLMe0x/f4Gc1IWW69Np4hQfq FIMA==
MIME-Version: 1.0
X-Received: by 10.107.33.12 with SMTP id h12mr59873322ioh.108.1452558791771; Mon, 11 Jan 2016 16:33:11 -0800 (PST)
Received: by 10.36.149.130 with HTTP; Mon, 11 Jan 2016 16:33:11 -0800 (PST)
In-Reply-To: <20160111183017.GA12243@roeckx.be>
References: <20160111183017.GA12243@roeckx.be>
Date: Tue, 12 Jan 2016 11:33:11 +1100
Message-ID: <CABkgnnVXF8UB91vH6PUmCxv950mVeUEwyOenCFhnqwTZpzPtHg@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Kurt Roeckx <kurt@roeckx.be>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/qabUKhkJlbBpubppK6f55c3oi7g>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Deprecating TLS 1.0, 1.1 and SHA1 signature algorithms
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jan 2016 00:33:13 -0000

On 12 January 2016 at 05:30, Kurt Roeckx <kurt@roeckx.be>; wrote:
> After the SLOTH paper, we should think about starting to deprecate
> TLS 1.0 and TLS 1.1 and the SHA1 based signature algorithms in TLS
> 1.2.


Let's be clear about this: TLS 1.0 represents far too high a
proportion of our usage to remove it at this point.  TLS 1.2 growth is
still solid, but it really isn't that long ago that we turned on TLS
1.2.

The encouragement we give people to upgrade will remain our best
option until TLS 1.0 usage drops an awful lot.